cross-app-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [NO_CODE]: The skill consists entirely of markdown instructions and contains no executable code or scripts.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection attack surface because it is designed to process external, untrusted content.\n
- Ingestion points: The workflow reads data from emails, attachments, and files using tools like 'himalaya' and 'excel-analyzer' (see SKILL.md).\n
- Boundary markers: There are no explicit delimiters or instructions within the orchestration logic to isolate untrusted data from the agent's core instructions.\n
- Capability inventory: The skill coordinates tools with significant capabilities, including file system access and email transmission.\n
- Sanitization: The instructions do not define any sanitization or validation steps for the data being processed.
Audit Metadata