sequence-performance
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified in the analyzed files. The skill functions as a diagnostic composite using natural language instructions to perform analysis.
- [NO_CODE]: The skill does not bundle any executable scripts or binary files; its logic is entirely contained within the SKILL.md instructions, which reduces the risk of traditional code-based exploits.
- [PROMPT_INJECTION]: The skill ingests untrusted external data in the form of email replies for classification in Step 3. While this presents a surface for indirect prompt injection, the instructions focus on analytical categorization rather than execution of commands found in the text.
- [DATA_EXFILTRATION]: The skill's requests for access to campaign metrics and email content from outreach tools (e.g., Smartlead, Instantly) are part of its primary functionality and are used solely to generate user-requested reports.
- [EXTERNAL_DOWNLOADS]: The installation process uses a standard package runner (npx) for the platform's own skill manager, which is a routine and safe operation.
Audit Metadata