raffle-winner-picker
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill exhibits a significant Indirect Prompt Injection surface (Category 8). It is designed to ingest and process untrusted data from external URLs (Google Sheets) and local files (CSV/Excel) without implementing any defensive measures. \n
- Ingestion points: Untrusted data enters the context via Google Sheet URLs and local file paths (e.g., entries.csv) referenced in SKILL.md. \n
- Boundary markers: Absent. There are no delimiters or 'ignore embedded instructions' warnings provided to the agent to distinguish data from potentially malicious commands. \n
- Capability inventory: The agent performs data selection logic and has an 'Export winner' capability, which could be used to exfiltrate sensitive participant data if an injection occurs. \n
- Sanitization: Absent. No validation or filtering of external content is defined. \n- [NO_CODE] (LOW): The skill consists solely of documentation (SKILL.md) and lacks executable scripts or tool definitions. This means claims of 'cryptographically secure randomness' are unverifiable and rely entirely on the underlying agent's default behavior, which may not meet these standards.
Recommendations
- AI detected serious security threats
Audit Metadata