ads-strategy
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its data ingestion process. It fetches content from user-provided URLs and web search results, which are then directly interpolated into the prompts of five different subagents.
- Ingestion points: External content enters the agent's context through WebFetch (homepage analysis) and WebSearch (competitor intelligence and industry benchmarks).
- Boundary markers: The skill lacks explicit delimiters or instructions to ignore potential commands embedded within the retrieved external data. The context is passed to subagents using simple placeholders like [Insert full context package from Phase 1].
- Capability inventory: The skill possesses the ability to execute web tools, launch sub-agents, and write strategy reports to the file system (ADS-STRATEGY-[CompanyName].md).
- Sanitization: There is no evidence of sanitization, filtering, or validation of the text retrieved from external sources before it is processed by the AI subagents.
Audit Metadata