client-packet-engine
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external websites.
  - Ingestion points: Content is scraped from user-provided company URLs using tools like `review-scraper`, `web-archive-scraper`, and `linkedin-post-research` in SKILL.md (Phase 1 and Phase 3).
  - Boundary markers: There are no explicit instructions or delimiters defined to prevent the model from following malicious instructions that might be embedded in the scraped web content.
  - Capability inventory: The skill has the ability to write multiple files to the local disk and can trigger outbound communications (emails) if the default safety mode is overridden.
  - Sanitization: The playbook does not describe any sanitization or filtering logic for the data retrieved by the scrapers before it is used for strategy synthesis and drafting.
- [EXTERNAL_DOWNLOADS]: The skill utilizes several external data gathering capabilities.
  - Evidence: Incorporates tools such as `apollo-lead-finder`, `review-scraper`, and `web-archive-scraper` to fetch data from various internet sources as part of its intelligence gathering phase.
- [COMMAND_EXECUTION]: The skill provides a mechanism to disable its primary safety constraint.
  - Evidence: The `pitch_packet_mode: false` configuration override explicitly enables live campaign execution, which includes sending real emails and spending paid API credits (SKILL.md, Configuration Overrides).
Audit Metadata