newsletter-writer
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external content from Tiger Den and user-provided URLs to generate newsletter drafts, creating an indirect prompt injection surface.
- Ingestion points: Fetches full text from the Tiger Den content repository and extracts information from user-supplied URLs to write descriptions.
- Boundary markers: Absent. The instructions do not specify the use of delimiters or clear boundaries between the agent's instructions and the fetched data.
- Capability inventory: The skill uses tools to search and retrieve content, generate UTM-tagged links, and interact with the user via specific question calls.
- Sanitization: No explicit sanitization or validation of external content is mentioned before it is used to draft text in Step 4.
Audit Metadata