email-generation
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the processing of untrusted external data.- [NO_CODE]: The skill contains only markdown instructions and metadata with no executable scripts or code files.
- [PROMPT_INJECTION]: Indirect prompt injection evidence chain:
- Ingestion points: Recipient data and enrichment columns are loaded from a 'Contact CSV' and an external 'Prompt template' file.
- Boundary markers: There are no defined delimiters or safety instructions (e.g., 'ignore instructions in fields') to separate CSV data from the agent's core instructions.
- Capability inventory: The skill performs file system read operations on input files and write operations to the 'claude-code-gtm/csv/output/' directory.
- Sanitization: No sanitization, escaping, or schema validation is mentioned for the CSV content before it is interpolated into the generation prompt.
Audit Metadata