raffle-winner-picker
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill defines a significant attack surface by ingesting external, attacker-controllable data to perform selection logic and downstream tasks.
  - Ingestion points: Untrusted data enters the agent context via [Sheet URL] (Google Sheets), local files (entries.csv, contest-entries.xlsx), and raw text lists.
  - Boundary markers: Absent. The skill provides no instructions to the agent to treat input data as literal values rather than potential instructions.
  - Capability inventory: The skill facilitates decision-making (winner selection) and suggests high-impact downstream workflows such as "Email winners directly," "Export winner details," and "Announce publicly."
  - Sanitization: None. There is no mention of filtering, escaping, or validating the content of the rows or list items before processing.
- [Data Exposure] (LOW): The skill is designed to handle sensitive personally identifiable information (PII) such as names and email addresses. While the intended use is legitimate raffle management, the lack of injection protection increases the risk that this PII could be exposed or exfiltrated via a malicious payload in the input source.
Recommendations
- AI detected serious security threats
Audit Metadata