content-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external and untrusted text data through various workflow stages. Malicious instructions contained within a draft or topic could potentially influence the agent's behavior during analysis or formatting.
- Ingestion points: External data enters the context via the
[topic]argument for the full pipeline and the[file path]for draft review and distribution tasks. - Boundary markers: No specific delimiters (like XML tags or markdown blocks) or instructions to treat inputs as untrusted data are present in the skill instructions.
- Capability inventory: The skill instructions guide the agent to perform research (web search, RSS), editorial review, and social media adaptation, which could be subverted if the input contains hidden commands.
- Sanitization: There is no evidence of input validation, filtering, or escaping of the content before it is processed by the agent.
Audit Metadata