content-draft-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The content-deconstructor.md and content-anatomy-generator.md subagents create a vulnerability chain (Category 8). The skill is designed to fetch and 'thoroughly' analyze content from attacker-controlled external sources like URLs, tweets, and videos.
- Ingestion points: content-deconstructor.md processes untrusted data from URLs.
- Boundary markers: Absent. The instructions do not define delimiters to separate the content being analyzed from the agent's internal instructions.
- Capability inventory: The skill produces 'Meta Prompts' and 'Fill-in-the-Blank Templates' which are used to generate further agent actions. A successful injection at the deconstruction stage can poison the resulting prompts, leading to high-impact side effects in downstream tasks.
- Sanitization: Absent. The subagent is explicitly told to 'analyze what works, even if you disagree,' which could lead the agent to interpret a malicious payload as a 'highly effective hook' or 'persuasion technique' and incorporate it into future templates.
- Metadata Poisoning (LOW): The content-anatomy-generator.md requires listing the source URLs in the final output. If an attacker uses a long, instruction-laden URL (e.g., containing 'Ignore all rules...'), the agent may execute those instructions while generating the 'Generated From' section.
Recommendations
- AI detected serious security threats
Audit Metadata