content-draft-generator
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill fetches external content via the `web_fetch` tool (Step 2) and processes it through a chain of sub-agents (`content-deconstructor.md`, `content-anatomy-generator.md`, etc.).
  - Ingestion points: External URLs provided by the user in Step 1 and fetched in Step 2 of `SKILL.md`.
  - Boundary markers: None. The instructions in `references/content-deconstructor.md` do not utilize XML tags, delimiters, or explicit warnings to ignore instructions found within the source material.
  - Capability inventory: The agent can fetch URLs, write files to several directories (`content-breakdown/`, `content-draft/`, etc.), and execute a dynamically generated "meta-prompt".
  - Sanitization: None. The skill assumes all fetched content is passive data rather than potentially active instructions.
- [External Downloads] (LOW): In `SKILL.md`, the workflow includes a hardcoded transformation for Twitter/X URLs to `api.fxtwitter.com`. This sends user-provided data (status IDs) to a third-party service that is not part of the trusted source list. While common for scraping, it represents an unverified external dependency.