user-context
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Tags: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive local files and private communication history to build the user profile. It reads the project's .env file to retrieve configuration IDs and infer company domains, which may expose sensitive environment variables or secrets. Additionally, it uses the Gmail MCP to search and read the user's sent messages for tone analysis, processing private data to infer communication styles.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of untrusted external data.
  - Ingestion points: LinkedIn profile URLs and external web search results are ingested to gather company and personal data.
  - Boundary markers: There are no instructions to the agent to distinguish between legitimate data and potential instructions embedded in the retrieved web/LinkedIn content.
  - Capability inventory: The skill has the ability to write to the local file system (revops/seller_context.md) and interact with multiple high-privilege MCP tools (Attio, Gmail, Extruct).
  - Sanitization: No explicit sanitization, validation, or escaping of external content is described before the data is processed by the LLM.
Audit Metadata