framework-builder
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Vulnerability to indirect prompt injection exists during the pattern extraction phase. 1. Ingestion points: Files like creative-memory/content-examples.md and direct user input are used for analysis in Mode 1 and Mode 2. 2. Boundary markers: No delimiters or isolation instructions are present to prevent the model from following commands embedded in the example content. 3. Capability inventory: The skill is restricted to reading and writing markdown files within the brand-memory/ and creative-memory/ directories; no external network access or shell execution capabilities are present. 4. Sanitization: No sanitization, validation, or escaping is performed on external content before it is processed to generate frameworks.
Audit Metadata