compose-outreach
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- Research-Based Data Ingestion: The skill retrieves contact and company activity signals from Common Room and Spark through established MCP tools. (1) What it does: It incorporates external activity signals into the prompt context to generate drafts. (2) Why it's a concern: Processing untrusted external content can lead to indirect prompt injection if the content contains instructions designed to manipulate the AI.
- Ingestion points: Data is pulled from community activity, product usage, and web searches as outlined in SKILL.md.
- Boundary markers: The instructions do not specify delimiters for isolating external research content.
- Capability inventory: The skill is designed for drafting messages and does not have the ability to execute system commands or access unauthorized files.
- Sanitization: No specific filtering for the retrieved data is mentioned, which is common for drafting-focused tools.
- Reference to Internal Guidelines: The skill utilizes local files such as references/outreach-formats-guide.md and references/my-company-context.md to maintain tone and strategy. (1) What it does: It reads local markdown files to calibrate its value proposition and formatting. (2) Why it's a concern: While these files provide necessary context for high-quality drafts, users should ensure that company context files do not contain sensitive secrets or credentials as they are processed by the model.
Audit Metadata