email-templates
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to the lack of input sanitization in its template rendering logic.
- Ingestion points: Data is ingested from external JSON files specified via the
--dataargument in thescripts/format_email.pyandscripts/render_template.pyscripts. - Boundary markers: No boundary markers or special instructions are used within the templates or the rendering script to distinguish between data and potentially malicious instructions.
- Capability inventory: The
scripts/format_email.pyscript includes the capability to send rendered HTML emails via aGmailClientintegration. - Sanitization: The
render_templatefunction inscripts/render_template.pyperforms simple string replacement without HTML escaping or input validation, allowing potentially malicious scripts or links to be rendered and sent if the source data is compromised.
Audit Metadata