card-news-orchestrator
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill handles untrusted external data (user topics, research-memory), creating a surface for indirect prompt injection.
  - Ingestion points: User-provided topic/theme, language preferences, and files from brand/research memory directories.
  - Boundary markers: Absent; the orchestration instructions do not specify the use of delimiters or isolation wrappers when passing user-provided data to downstream sub-skills.
  - Capability inventory: The skill is authorized to read from and write to local Markdown files (e.g., series-config.md) and provides instructions for the user to execute tools like Playwright and image generators via subsequent skill calls.
  - Sanitization: No explicit validation or filtering of input content is performed within the orchestration logic.
- [DATA_EXFILTRATION]: The skill performs localized file operations within its defined memory structure.
  - Evidence: The skill reads from and writes to specific configuration and log files such as 'series-config.md' and 'production-log.md'. These operations are restricted to the local environment and are necessary for the skill's primary function of tracking production status; no network exfiltration of this data was observed.
Audit Metadata