outbound-optimizer
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted external data.
- Ingestion points: Step 1 explicitly asks for a "Sample: Best-performing email or script" from the user or the environment.
- Boundary markers: The skill lacks explicit instructions to isolate this untrusted content (e.g., wrapping in XML tags or using specific delimiters with instructions to ignore embedded commands).
- Capability inventory: The skill has access to sensitive tools including
Read,Write,Edit,WebSearch, andWebFetch. A malicious payload in an email sample could attempt to manipulate the agent into misusing these tools. - Sanitization: No sanitization, validation, or filtering of the provided email samples is defined.
Audit Metadata