sms-marketing
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill properly manages API credentials using environment variables and implements required regulatory checks such as quiet hours and opt-out keyword handling. The inbound SMS processing logic is limited to safe keyword matching and does not perform any dangerous operations on untrusted input. Analysis of indirect prompt injection surfaces: (1) Ingestion point: handleInboundSMS function in SKILL.md. (2) Boundary markers: Logic is restricted to exact keyword matching after normalization. (3) Capability inventory: Database updates for consent and automated SMS replies. (4) Sanitization: Keyword normalization using trim and toUpperCase. The surface is low-risk and standard for SMS applications.
Audit Metadata