action-creator

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Dynamic Script Generation: This skill is designed to use the agent's file-writing capabilities to create TypeScript files that define reusable actions. While this is the core functionality for workflow automation, generating executable code based on user requests is a powerful capability that warrants verification of the produced logic to ensure it matches the user's intent and safety requirements.
  • Indirect Prompt Injection Surface: The forward-bug-report.ts template incorporates untrusted data from an email body directly into an AI prompt. Because email content comes from external senders, it is possible for a sender to include instructions designed to mislead the AI's analysis.
      • Ingestion points: The email.body variable in templates/forward-bug-report.ts receives content from external email senders.
      • Boundary markers: No specific delimiters or 'ignore' instructions are currently used to wrap the email content within the prompt.
      • Capability inventory: The handler in this template utilizes context.sendEmail, context.addLabel, and context.callAgent.
      • Sanitization: The email content is interpolated into the prompt string without specific filtering or escaping mechanisms.
  • Network Capability: The documentation for the ActionContext highlights a fetch capability, enabling created actions to communicate with external APIs. While no specific malicious URLs are hardcoded in the templates, this functionality allows actions to interact with web services, so actions should use only trusted endpoints.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 10:04 PM