media-writer
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHNO_CODE
Full Analysis
- [Unverifiable Dependencies] (SAFE): No Python or Node.js packages are required or installed. The skill is entirely static markdown.
- [Indirect Prompt Injection] (LOW): (1) Ingestion points: Technical content provided as user input. (2) Boundary markers: Absent. (3) Capability inventory: No tool calls, shell execution, or file system writes. (4) Sanitization: Absent. The ingestion surface exists, but the skill lacks the capabilities to perform high-risk actions.
- [External Downloads] (INFO): An automated scan flagged a phishing URL in references/linkedin.md. Manual analysis of the file shows no URLs are present; the scanner likely triggered on the stylistic examples of common social media 'hooks' (e.g., 'I got fired').
- [Command Execution] (SAFE): No subprocesses or shell commands are invoked.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata