email-draft-polish
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process external email threads, which provides a surface for embedded instructions to influence agent behavior.
  - Ingestion points: Untrusted data enters the context through user-provided email threads and drafts in SKILL.md.
  - Boundary markers: The workflow does not specify the use of delimiters or warnings to ignore instructions within the ingested text.
  - Capability inventory: No subprocess calls, code execution, file system access, or network operations are defined in SKILL.md.
  - Sanitization: No evidence of input validation or sanitization of the email content is present.
- [No Code] (SAFE): This skill consists entirely of natural language instructions and does not include any executable scripts, dependencies, or external downloads.