post-writer
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [NO_CODE]: The skill consists entirely of markdown instructions and reference specifications without any associated scripts or executable binaries.
- [PROMPT_INJECTION]: The skill implements a 'Memory Auto-Load Protocol' that ingests data from local markdown files. While this creates an indirect prompt injection surface where malicious content in those files could influence output, the skill lacks the capabilities to execute commands or exfiltrate data.
- Ingestion points: Files within brand-memory/, creative-memory/, and research-memory/.
- Boundary markers: None explicitly defined to separate loaded data from instructions.
- Capability inventory: Local file read/write access limited to specific project directories. No network or subprocess execution capabilities.
- Sanitization: Content is reviewed for quality and 'AI slop' but not specifically sanitized for instruction injection.
Audit Metadata