audience-profiler
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection through its Auto-Load Protocol. It reads content from several local markdown files and interpolates that data directly into complex reasoning prompts for Perplexity tools.
- Ingestion points: The skill reads all markdown files within the 'research-memory/' and 'brand-memory/' directories, including 'market-landscape.md', 'competitive-intel.md', and 'voice-profile.md'.
- Boundary markers: There are no defined delimiters or 'ignore embedded instructions' warnings used when incorporating the loaded file content into system prompts.
- Capability inventory: The agent utilizes powerful reasoning and search capabilities via 'perplexity_reason' and 'perplexity_ask' and possesses file-write permissions for the local filesystem (e.g., updating 'customer-insight.md').
- Sanitization: The skill does not perform any validation, escaping, or sanitization of the data retrieved from the research memory files before using it to drive the research and reasoning process.