creative-brief-generator
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by combining untrusted user inputs with sensitive internal data.
  - Ingestion points: User inputs for campaign name, objective, target audience, and messaging are collected in Step 2 of `SKILL.md`.
  - Boundary markers: The skill lacks explicit delimiters (such as XML tags or clear section headers with instructions to ignore embedded commands) to separate user-provided content from the system's operational context.
  - Capability inventory: The agent has access to the `get_marketing_reference` tool to fetch restricted customer names ('no-fly-list') and includes logic to search for and save briefs via the `briefs-integration.md` protocol.
  - Sanitization: There is no evidence of validation or sanitization of user-provided text before it is processed in the same context as the sensitive 'No Fly List'.
  - Risk: An attacker could provide a campaign objective or message that contains hidden instructions designed to override the suppression rule, potentially forcing the agent to reveal restricted customer names in its output.
Audit Metadata