customer-win-back-sequencer
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting external, untrusted data to inform its decision-making and content generation.
- Ingestion points: Data is collected from external sources via
web_searchandfetch_webpagetools during the research phases (Phase 1A, 1B, and 1C in SKILL.md). - Boundary markers: The skill instructions do not utilize boundary markers or explicit directives to ignore instructions that might be embedded within the retrieved web content.
- Capability inventory: The skill generates personalized email sequences and writes detailed reports to the local file system (
clients/directory), which could be manipulated by injected content. - Sanitization: There is no evidence of validation, filtering, or escaping of the fetched external content before it is processed by the model for scoring or sequence generation.
Audit Metadata