early-access-email-sequence
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external web searches and website fetching to perform research. Ingestion points: LinkedIn profile data and company website content are retrieved via WebSearch and WebFetch tools in Phases 1 and 2. Boundary markers: Absent; there are no instructions or delimiters provided to the agent to isolate the fetched content or prevent it from obeying embedded commands. Capability inventory: The skill has the capability to write research notes and generated email content to a Notion database using the notion-create-pages tool. Sanitization: Absent; retrieved data is directly interpolated into email templates without validation or filtering.
- [DATA_EXFILTRATION]: The skill transmits gathered research findings and generated email content to a user-specified Notion database. While this is the primary functionality, it involves the movement of personal and professional information to an external cloud service.
- [COMMAND_EXECUTION]: The skill utilizes Notion MCP tools (notion-create-pages, notion-create-database) to programmatically structure and store the email onboarding sequences.
Audit Metadata