newsletter-ad-review
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from CSV/Excel files and user-pasted tables (SKILL.md, Step 2), creating a surface for indirect prompt injection. This is a standard risk for skills that aggregate external data and is expected for the documented use case.
- Ingestion points: External report files and pasted text.
- Boundary markers: Not defined in the instructions.
- Capability inventory: Internal marketing tools (get_marketing_context, list_marketing_references).
- Sanitization: No explicit content validation or filtering described.
Audit Metadata