social-media-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill lacks delimiters and validation for user-provided data, creating a significant injection surface.
- Ingestion points: Event names, messages, and announcements collected in
SKILL.md(Step 1). - Boundary markers: Absent; user input is directly interpolated into markdown templates in the
assets/directory. - Capability inventory: The agent is instructed to create directories and write markdown files to the local file system (Steps 3 & 4).
- Sanitization: Absent; no instructions exist to filter or escape user-supplied strings before processing.
- [Command Execution] (MEDIUM): Risk of directory traversal during file creation.
- Evidence:
SKILL.mdStep 3 uses the user-providedevent-namedirectly in the file path:social-media/twitter/event-name...md. - Risk: Without filename sanitization, a user could provide an event name like
../../../to attempt writing files outside the designatedsocial-media/folder.
Recommendations
- AI detected serious security threats
Audit Metadata