content-atomizer
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [NO_CODE]: The skill consists entirely of Markdown instruction files (SKILL.md and platform-transformation-guide.md). There are no executable scripts (Python, JavaScript, Shell) or binary files included, significantly reducing the attack surface.
- [PROMPT_INJECTION]: The skill features an indirect prompt injection surface as it is designed to ingest and process untrusted external content (blog posts, transcripts, or URLs).
- Ingestion points: SKILL.md 'Input Gathering' section (accepts full text or URLs).
- Boundary markers: None identified; there are no specific instructions to the agent to ignore instructions embedded within the source content.
- Capability inventory: No risky capabilities (subprocess calls, file writes, or network requests) are present in the skill files.
- Sanitization: No input sanitization or validation logic is defined.
- Despite the surface, the risk is minimal because the skill is purely instructional and lacks dangerous tools for an attacker to leverage.
- [SAFE]: Access to the 'brand-memory/' directory is functional and used to retrieve brand-specific guidelines (voice, positioning, audience). This does not target sensitive system directories or credentials.
Audit Metadata