content-research-writer
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted text from external research and user-provided drafts to provide writing assistance.
- Ingestion points: The agent reads content from research tasks and user-created files such as article-draft.md.
- Boundary markers: The instructions lack requirements for using boundary markers or XML tags to distinguish untrusted content from system instructions.
- Capability inventory: The skill uses standard file system operations (mkdir, touch) and web search tools for research within the local writing environment.
- Sanitization: There are no instructions for sanitizing or escaping the content retrieved from external sources before the agent analyzes it.
Audit Metadata