raffle-winner-picker
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Risk. The skill facilitates processing untrusted data from external sources (Google Sheets, CSV, Excel). Malicious instructions embedded in these files could influence agent behavior. * Ingestion points: Google Sheets via URL, local entries.csv/xlsx files. * Boundary markers: Absent; the skill does not specify delimiters to separate data from instructions. * Capability inventory: Accesses network (Google Sheets API) and reads local file system. * Sanitization: Absent; no mention of sanitizing or validating the contents of the imported data.
- [NO_CODE] (SAFE): The skill consists solely of a markdown description with no executable scripts or configuration files, limiting the direct execution risk.
Audit Metadata