action-mailer-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): No instructions found that attempt to override agent behavior, bypass safety filters, or extract system prompts.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file path access, or unauthorized network operations detected. Uses standard placeholder domains like 'example.com'.
- Obfuscation (SAFE): No encoded content, zero-width characters, or homoglyphs identified.
- Unverifiable Dependencies & Remote Code Execution (SAFE): No external package installations or remote script executions via curl/wget. References standard Rails CLI commands.
- Privilege Escalation (SAFE): No use of sudo, chmod, or other commands to acquire elevated permissions.
- Persistence Mechanisms (SAFE): No attempts to modify shell profiles, cron jobs, or system services for persistence.
- Metadata Poisoning (SAFE): Metadata fields accurately describe the skill's purpose without deceptive instructions.
- Indirect Prompt Injection (SAFE): The skill serves as a pattern library and does not ingest untrusted external data for execution or decision-making. Standard template variables are used in a controlled context.
- Time-Delayed / Conditional Attacks (SAFE): No logic found that triggers behavior based on specific dates, times, or environment conditions.
- Dynamic Execution (SAFE): No runtime code generation, process injection, or unsafe deserialization of untrusted data.