commercial-brief

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill operates entirely through natural language instructions to guide the AI agent's behavior. It does not include executable scripts, network requests to untrusted domains, or access to sensitive system files.
  • [PROMPT_INJECTION]: The skill defines a workflow that ingests untrusted external data (commercial briefs, user materials, and reference articles). This creates a surface for indirect prompt injection where malicious instructions could be embedded in the input data. However, given the skill's limited capabilities (text generation and delegation to a writing-focused skill), the risk is negligible.
      • Ingestion points: Stage 1 (commercial brief), Stage 3 (user-provided materials/screenshots), and Stage 4 (reference articles).
      • Boundary markers: Absent; there are no explicit instructions for the agent to ignore embedded commands within the ingested materials.
      • Capability inventory: Text analysis, drafting, and calling the 'doc-coauthoring' skill. No file system or network capabilities are present in the analyzed file.
      • Sanitization: Absent; the skill does not specify any validation or filtering of the input data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 12:29 PM