funnel-architect
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation suggests that users install an external plugin from a third-party GitHub repository (
coreyhaines31/marketingskills) to extend functionality. While this is a user-initiated action, the source is not verified as part of the skill author's infrastructure. - [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by ingesting untrusted data during the 'Discovery' and 'Hook-Story-Offer' phases.
- Ingestion points: User-provided main offer descriptions, problem statements, and story elements in
SKILL.md(Steps 1 and 4). - Boundary markers: Absent. The skill does not use specific delimiters or instructions to ignore embedded commands within the user's business descriptions.
- Capability inventory: The skill primarily generates text output and does not demonstrate dangerous file-system or network capabilities.
- Sanitization: Absent. Input is processed directly into the funnel blueprint generation logic.
Audit Metadata