geo-brand-mentions
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes a Python script via the Bash tool to verify brand existence on Wikipedia and Wikidata. This process uses simple string interpolation to insert a user-provided "brand name" into the code (e.g., brand = '[Brand_Name]'). This creates a vulnerability where a malicious brand name could terminate the string and execute arbitrary Python code, as the skill provides no sanitization logic for the input variable.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from high-traffic community platforms to calculate brand authority scores.
  - Ingestion points: Untrusted content is fetched via WebFetch from YouTube video descriptions, Reddit threads, and Wikipedia articles (SKILL.md, Step 2).
  - Boundary markers: The skill does not define delimiters or provide instructions for the agent to ignore potentially malicious embedded instructions within the fetched data.
  - Capability inventory: The agent has access to powerful tools including Bash, Write, and WebFetch, which could be exploited if the agent obeys instructions found in external data.
  - Sanitization: No validation or filtering is applied to the retrieved platform data before the agent analyzes it for sentiment and authority metrics.
- [SAFE]: The skill performs legitimate lookups on well-known and trusted platforms including the Wikipedia API, Wikidata API, LinkedIn, and YouTube to assess entity notability.
Audit Metadata