opened-daily-newsletter-writer
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from Notion and external URLs, creating a surface for indirect prompt injection. 1. Ingestion points: Notion collection search (collection://5d0c1ad8-e111-4162-91da-2cac9bd1269b) and source material URLs. 2. Boundary markers: None specified in the instructions to delimit untrusted content. 3. Capability inventory: Filesystem operations (mkdir, cp), Notion search, and automated HubSpot draft creation via internal tools. 4. Sanitization: No input validation or sanitization is performed on ingested data. Mitigation: The risk is mitigated by a mandatory human approval step (Checkpoint 1) before the newsletter is drafted.
- [COMMAND_EXECUTION]: The skill uses local shell commands including
mkdirto create project directories andcpto archive final newsletter files within the local workspace environment.
Audit Metadata