raffle-winner-picker
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill processes external, potentially attacker-controlled data without proper boundaries or sanitization.
- Ingestion points: Google Sheet URLs, local CSV files (
entries.csv), and Excel spreadsheets (contest-entries.xlsx). - Boundary markers: Absent. There are no instructions provided to the agent to treat data within the spreadsheets as non-executable text.
- Capability inventory: The agent is expected to access external network URLs (Google Sheets) and read local file system contents.
- Sanitization: Absent. No logic is defined for validating or escaping input from external sources.
- [Data Exposure] (LOW): The skill is explicitly designed to handle and display Personally Identifiable Information (PII) such as names and email addresses. This increases the risk if the agent is manipulated via an injection to exfiltrate this data.
- [No Code] (INFO): This skill contains no executable scripts or code files, only markdown instructions. Its security is dependent on the specific implementation of the agent's file-reading and web-accessing tools.
Audit Metadata