positioning-angles
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE | PROMPT_INJECTION | NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its automated research data ingestion protocol.
  - Ingestion points: The skill is instructed to automatically scan the research/ directory and load files produced by external tools such as Perplexity MCP and Firecrawl.
  - Boundary markers: There are no protective delimiters or explicit 'ignore embedded instructions' warnings applied to the data loaded from the research files.
  - Capability inventory: The agent has the capability to write files to the brand-memory/ directory and to generate complex prompt templates for secondary 'Task Agents', which could be manipulated by malicious content in ingested research.
  - Sanitization: No validation or escaping of the external research content is performed before it is integrated into the agent's context.
- [NO_CODE]: The skill is comprised solely of markdown files containing instructions and reference patterns, with no accompanying executable scripts or binaries detected.
Audit Metadata