email-composer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (HIGH): High-risk vulnerability surface detected due to the combination of high-privilege tool access and unvalidated data ingestion.
- Ingestion points: Untrusted user input for email 'Purpose' and 'Key points' is processed directly by the agent via templates in SKILL.md.
- Boundary markers: Absent; there are no clear delimiters or system instructions to ignore potential commands embedded within the user context.
- Capability inventory: The skill is granted 'Read', 'Write', and 'Edit' permissions via its YAML frontmatter, permitting file modification.
- Sanitization: No sanitization or verification logic is present to secure external content before processing.
Recommendations
- AI detected serious security threats
Audit Metadata