email-formatting
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its formatting script.
- Ingestion points: Data is ingested from JSON files or CLI arguments in
scripts/format_email.py. - Boundary markers: No delimiters or isolation instructions are present to prevent untrusted data from influencing the HTML structure.
- Capability inventory: The skill is limited to generating and printing HTML strings; it lacks network access or file system modification capabilities.
- Sanitization: Input data is directly interpolated into HTML templates using f-strings and the
.format()method without escaping, which allows for HTML and CSS injection.
Audit Metadata