skills/github/awesome-copilot/roundup/Gen Agent Trust Hub

roundup

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting and processing untrusted data from multiple external sources to generate briefings.
      • Ingestion points: Data is pulled from GitHub pull requests/issues, M365/WorkIQ emails and Teams messages, Slack channels, Google Workspace emails/docs, and a local configuration file at ~/.config/roundup/config.md.
      • Boundary markers: Absent. The instructions do not provide delimiters or specific warnings to the agent to distinguish between the content of the data (e.g., the body of an email) and instructions to the agent.
      • Capability inventory: The skill has the capability to read local files (config.md), write files to the user's desktop (~/Desktop), and perform network operations via integrated tools (GitHub, Slack, Workspace APIs).
      • Sanitization: Absent. There is no evidence of content escaping, validation, or filtering before the external data is synthesized into the final briefing draft.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 12:58 AM