content-scout
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses the user's Slack DM history (Step 2) to search for previously recommended URLs. While intended for deduplication, this functionality requires the agent to read private communication logs, which represents a data exposure risk.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from the web (Step 3) and uses it to generate social media posts (Step 5).
- Ingestion points: External articles and technical blogs fetched via web search (SKILL.md).
- Boundary markers: Absent. The instructions do not define delimiters or specific constraints to separate external content from the agent's internal drafting logic.
- Capability inventory: Access to internal marketing tools (Tiger Den), voice profiles, and Slack messaging capabilities.
- Sanitization: Absent. The skill does not specify any sanitization or validation procedures for the content retrieved from external sources before it is processed.
Audit Metadata