content-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill demonstrates a high-risk surface for indirect prompt injection (Category 8) due to its core function of analyzing external text.
- Ingestion points: The skill ingest untrusted data from user-specified files (e.g.,
existing_content.txt,blog_post.md) into the agent's context viabrand_voice_analyzer.pyandseo_optimizer.py. - Boundary markers: There are no delimited boundaries or system instructions to ignore embedded prompts within the files being analyzed.
- Capability inventory: The skill possesses the capability to execute shell commands (
python,grep,cp) and modify the filesystem. - Sanitization: No evidence of sanitization or filtering for malicious instructions within the input files is provided.
- Command Execution (MEDIUM): The skill relies on the execution of subprocesses and shell commands to perform its duties. While the scripts are local, directing an agent to execute commands like
grep -f references/brand_guidelines.md content.txton potentially attacker-controlled content provides a vector for command manipulation or information leakage if the input files are crafted to exploit shell syntax. - Unverifiable Code (MEDIUM): The skill references multiple external scripts (
scripts/brand_voice_analyzer.py,scripts/seo_optimizer.py) and reference files which are not present in the analyzed set. The security of the skill depends entirely on the contents of these unverified local scripts.
Recommendations
- AI detected serious security threats
Audit Metadata