interaction-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill describes a system for automating interactions with external, untrusted content such as user comments and direct messages on social media platforms. This architecture introduces a risk of indirect prompt injection, as the agent is instructed to process and respond to data that could contain malicious instructions.
- Ingestion points: User comments, mentions, and DMs referenced throughout the implementation steps in SKILL.md.
- Boundary markers: No protective delimiters or 'ignore' instructions are included in the response templates to prevent the agent from following instructions embedded in user messages.
- Capability inventory: The skill assumes the agent has capabilities to send automated replies and direct messages to users.
- Sanitization: There is no mention of input validation, filtering, or sanitization of user content before it is used to generate an automated response.
Audit Metadata