outbound-sequencer
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill's metadata specifies a dependency on
@clawfu/mcp-skills. This is an external, third-party MCP server that does not belong to the defined Trusted GitHub Organizations or Repositories. Third-party MCP servers can execute code or access data with the permissions granted to the agent. - [Indirect Prompt Injection] (LOW): The skill is designed to ingest external data points such as 'trigger observations' (e.g., news, funding, hiring) to personalize outreach.
- Ingestion points: User-provided parameters and trigger data in Step 1 and Example 1.
- Boundary markers: Absent. User input is directly interpolated into message templates (e.g.,
[Trigger observation]). - Capability inventory: The skill itself describes text generation, but the associated MCP server may have broader capabilities.
- Sanitization: None. The skill does not describe any validation or filtering of the 'trigger' content, which could contain malicious instructions meant to hijack the agent's reasoning.
Audit Metadata