raffle-winner-picker
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Prompt Injection (LOW): Indirect prompt injection surface detected through external data processing functions.\n
- Ingestion points: The skill ingests data from Google Sheets URLs and local files (CSV, XLSX).\n
- Boundary markers: Absent; the skill lacks instructions to isolate data from control logic or to ignore embedded instructions.\n
- Capability inventory: The skill utilizes file reading and network access to retrieve participant lists.\n
- Sanitization: No sanitization or validation of the input data content is mentioned or implemented.\n- No Code (SAFE): The provided file contains only markdown instructions and metadata, with no associated executable scripts or packages.
Audit Metadata