newsletter-digest
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through the ingestion and processing of external newsletter content.
- Ingestion points: Untrusted data enters the agent context via the
gog gmail thread getcommand inSKILL.md, which retrieves the full body of unread newsletters. - Boundary markers: The instructions lack explicit delimiters or safety warnings to treat the email content as data rather than instructions, increasing the risk of the agent following commands embedded in the email text.
- Capability inventory: The skill uses the
Bashtool to interact with theobsidianCLI (append files) and thegogutility (search/get/archive emails). A successful injection could leverage these tools to modify local files or manipulate the user's email account. - Sanitization: There is no evidence of sanitization, escaping, or validation of the extracted content before it is interpolated into shell commands for the Obsidian CLI.
Audit Metadata