brand-dna
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its core functionality of fetching and parsing untrusted data from the public internet.
- Ingestion points: The agent is instructed to fetch content from the homepage, about page, and product/service pages of user-provided URLs using the WebFetch tool (specified in
SKILL.md). - Boundary markers: Absent; the instructions do not include specific delimiters or directives to ignore instructions that might be embedded in the fetched HTML, CSS, or text content.
- Capability inventory: The skill directs the agent to write a structured
brand-profile.jsonfile to the current working directory based on the fetched data. - Sanitization: Absent; the extraction logic parses strings directly from CSS declarations and HTML elements without explicit validation or sanitization, which could allow maliciously crafted website content to influence the resulting profile or subsequent agent behavior.
Audit Metadata