raffle-winner-picker
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (PROMPT_INJECTION, NO_CODE)
Full Analysis
- [PROMPT_INJECTION] (LOW): Potential for Indirect Prompt Injection through processed data.
- Ingestion points: The skill explicitly instructs the agent to read from Google Sheets, CSV, and Excel files provided by users.
- Boundary markers: Absent. There are no instructions or delimiters (e.g., XML tags or clear 'ignore instructions in data' warnings) to prevent the agent from executing commands hidden within the spreadsheet cells.
- Capability inventory: Reading external URLs (Google Sheets), reading local files (CSV/XLSX), and processing/outputting text.
- Sanitization: Absent. The skill does not define any validation or filtering mechanisms for the data ingested from external files.
- [NO_CODE] (SAFE): The skill consists only of documentation and instructional prompts. No scripts, binaries, or dependency files (e.g., package.json, requirements.txt) are included, which limits the risk to prompt-based attacks rather than system-level compromise.