newsletter-ad-writer
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows professional marketing workflows and includes explicit safety constraints (e.g., the No Fly List) to ensure compliance with company policies. All tool usage (get_marketing_context, search_content) appears consistent with legitimate, scoped access to internal vendor resources.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill accesses internal documentation (brand voice, product context) using platform-native tools. There is no evidence of unauthorized data transmission or access to sensitive local system files like SSH keys or environment variables.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external newsletter profiles and user-provided briefs. While it lacks explicit XML-style boundary markers for this input, the risk is mitigated by the skill's narrow focus on text generation and the absence of high-privilege capabilities like arbitrary command execution or file writes.
- [COMMAND_EXECUTION]: No shell commands or subprocess calls were detected. The skill's logic is restricted to prompt-based content generation and the use of predefined marketing tools.
Audit Metadata