drafts-actions

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill provides an example of integrating with the Claude API that is vulnerable to indirect prompt injection.
      • Ingestion points: The script in SKILL.md (Claude Translation example) reads draft.content directly into an LLM prompt.
      • Boundary markers: Absent; the prompt template does not use delimiters or protective instructions to isolate untrusted draft content.
      • Capability inventory: The action has permission to modify drafts via draft.update(), make network requests using HTTP.create(), and interact with the system clipboard.
      • Sanitization: User content is not sanitized for instructions before being sent to the API.
  • [COMMAND_EXECUTION]: The documentation describes action steps that enable the execution of JavaScript and AppleScript within the application environment.
      • Evidence: SKILL.md and references/action-steps-reference.md detail the use of script-based automation and macOS AppleScript integration for system-level tasks.
      • Evidence: The programmatic creation example in SKILL.md demonstrates generating and executing JavaScript steps from string templates.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 04:25 PM