content-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The core logic in
references/full-guide.mdinstructs the agent to 'discover' project context by reading arbitrary files like.agents/SYSTEM/ARCHITECTURE.mdand existing newsletters/tweets. This creates a surface for indirect prompt injection if those source files contain malicious instructions. - Ingestion points: Multiple project files and historical content mentioned in
references/full-guide.md. - Boundary markers: Absent. There are no instructions for the agent to treat the discovered content as untrusted or to ignore embedded commands.
- Capability inventory: The skill focus is text generation, but it acts as a data aggregator that could influence future agent actions.
- Sanitization: Absent. The skill does not provide any patterns for sanitizing or escaping the content it reads.
- [External Downloads] (LOW): The
SKILL.mdfile suggests that users install an external plugin from an untrusted GitHub user (coreyhaines31/marketingskills). While the installation requires user consent, recommending unverified third-party code increases the potential attack surface.
Audit Metadata