outreach-automator
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from GitHub (bios, repository descriptions) into a JSON format intended for agent use. This presents an indirect prompt injection surface.
  - Ingestion points: External data fetched from the GitHub API in `enrich.sh` and `discover.sh`.
  - Boundary markers: Data is structured in JSON format, but the skill does not provide instructions to the AI agent to ignore or isolate potential commands within the fetched text.
  - Capability inventory: The skill has the capability to write to the local file system (`~/.outreach/`) and interact with the GitHub API.
  - Sanitization: The retrieved string data is not sanitized or filtered before being stored or used in drafts.
- [COMMAND_EXECUTION]: Tasks are performed through the execution of local bash scripts (`discover.sh`, `enrich.sh`, `track.sh`, `campaign.sh`) that interact with the system environment and the GitHub CLI tool.
Audit Metadata