card-news-contents-manager
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests content from external sources to generate prompts for downstream tools.
- Ingestion points: The skill processes output from a 'copy-writer' agent and metadata from 'image-alt' strings.
- Boundary markers: The prompt generation logic lacks delimiters to isolate untrusted data from the instructions.
- Capability inventory: It outputs structured visual asset plans and AI prompts that are subsequently consumed by the 'image-generator' and 'card-news-maker' tools.
- Sanitization: There is no evidence of input validation or escaping for external content before it is interpolated into prompts.
- [NO_CODE]: No executable scripts or binary files were found in the skill, which limits the risk of traditional technical exploits.
Audit Metadata