email-template-generator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | COMMAND_EXECUTION | PROMPT_INJECTION | NO_CODE
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to process user-provided business requirements to generate code and configurations, creating a large attack surface.
      • Ingestion points: Processes business automation requests and email template requirements from potentially untrusted sources (e.g., users or external documents).
      • Boundary markers: No delimiters or instructions are present to distinguish between user data and system instructions.
      • Capability inventory: Includes Bash, Write, and Edit tools via the allowed-tools metadata, which allows for file system modification and arbitrary command execution.
      • Sanitization: No sanitization or validation logic is defined to prevent the agent from executing instructions embedded in the generated templates.
  • [Command Execution] (HIGH): The skill explicitly requests the Bash tool. In the context of an 'Email Template Generator,' providing shell access is an excessive privilege (violation of least privilege) that significantly increases the impact of any prompt injection attack.
  • [No Code] (INFO): The skill consists entirely of a markdown configuration file with no accompanying scripts or logic. The behavior depends entirely on the agent's interpretation of the broad triggers and metadata, making the safety of its output unpredictable.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:25 AM