substack-ghostwriting
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data, which creates a surface for indirect prompt injection where embedded instructions could potentially influence agent behavior.\n
- Ingestion points: Content is fetched from user-provided URLs using the
WebFetchtool in Phase 0 of the Writing Workflow. Additionally, thereferences/voice-matching.mdfile directs the agent to analyze transcripts, social media posts, and Slack messages for voice extraction.\n - Boundary markers: There are no instructions specifying the use of delimiters or directives to ignore instructions contained within the analyzed source material.\n
- Capability inventory: The skill leverages several powerful tools, including
WebFetch,WebSearch,Write,Edit, andAgent(which allows the agent to call other skills, such as the mentioned humanizer skills).\n - Sanitization: No sanitization, filtering, or validation of the fetched or provided text content is performed before processing.
Audit Metadata