raffle-winner-picker
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill's core functionality relies on processing data from external, user-controlled sources, which presents a significant attack surface.
- Ingestion points: The skill explicitly instructs the agent to process data from [Sheet URL], entries.csv, and contest-entries.xlsx, as seen in SKILL.md.
- Boundary markers: There are no delimiters or 'ignore embedded instructions' warnings defined to separate the untrusted data from the agent's instructions.
- Capability inventory: The agent has the capability to read files, access external network resources (Google Sheets), and make decisions (picking winners) that have real-world consequences.
- Sanitization: The skill does not mention any sanitization, validation, or escaping logic to prevent data from being interpreted as instructions.
- No Code (INFO): The skill consists entirely of natural language instructions in a markdown file. While no malicious scripts are present, the instructions themselves create a vulnerable operating environment for the agent when handling external data.
Recommendations
- AI detected serious security threats