Skills
skills/rankearly/rankearly-skills/draft-creator/Gen Agent Trust Hub

draft-creator

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It retrieves and processes data from external web sources (Google search results and SERP pages) to generate blog drafts and knowledge bases.
  • Ingestion points: Web content from Google searches and SERP pages are processed in SKILL.md (Steps 1 and 2).
  • Boundary markers: The instructions lack explicit delimiters or warnings to the agent to ignore instructions embedded within the fetched web content.
  • Capability inventory: The agent has the capability to create directories and write files to the local filesystem (e.g., ./blogs//knowledge-base.md).
  • Sanitization: There is no evidence of sanitization or filtering of the external content before it is used to influence the agent's output.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 5, 2026, 12:58 PM