persona-exec-assistant
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing untrusted external data.
- Ingestion points: Instructions in
SKILL.mddirect the agent to read and triage data fromgws-gmail(emails),gws-calendar(meeting descriptions), andgws-chat. - Boundary markers: Absent; the skill does not implement specific delimiters or instructions to treat external data as untrusted content.
- Capability inventory: The agent has the authority to draft and send emails (
gws gmail +send), modify calendar events (gws calendar +insert), and access files (gws-drive). - Sanitization: No sanitization or validation logic is specified for the data ingested from Workspace services.
Audit Metadata