messages-ops
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from external messaging platforms such as iMessage, social DMs, and browser-gated surfaces, which creates a surface for indirect prompt injection.
- Ingestion points: Live message threads, social media DMs, and local messaging surfaces (SKILL.md).
- Boundary markers: The instructions do not provide explicit delimiters or directives to ignore instructions embedded within the retrieved messages.
- Capability inventory: The agent is instructed to read threads and can hand off data to other capabilities such as
knowledge-opsorlead-intelligence(SKILL.md). - Sanitization: No sanitization or validation of the incoming message data is defined in the workflow.
Audit Metadata