newsletter-monitor
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted email content that could contain malicious instructions.\n
- Ingestion points: External email data (subject and body) is fetched from the AgentMail API in
scripts/scan_newsletters.py.\n - Boundary markers: The skill lacks explicit delimiters or instructions to treat the email content as untrusted data when passing it to other components or downstream skills like
company-contact-finder.\n - Capability inventory: The skill has the ability to read email data and extract information that influences the behavior of linked skills.\n
- Sanitization: While the script performs basic HTML stripping in
scripts/scan_newsletters.py, it does not implement natural language validation to prevent the execution of embedded instructions.
Audit Metadata