trainer-create-invitation-email
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- Prompt Injection (SAFE): No instructions found that attempt to override agent behavior, bypass safety filters, or reveal system prompts. The content is strictly limited to email generation logic.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or network operations (curl, fetch) were detected.
- Indirect Prompt Injection (LOW/INFO): The skill has a data ingestion surface but no dangerous capabilities.
- Ingestion points: User-provided training details (Program, Audience, Value, Tone) used to populate templates.
- Boundary markers: Absent; the skill relies on the LLM's natural language understanding to interpolate fields.
- Capability inventory: No subprocess calls, file writing, or network operations; the skill only generates text output.
- Sanitization: None provided, but impact is negligible as output is restricted to display-only text.
- Execution Security (SAFE): The skill contains no Python, Node.js, or shell scripts. There is no risk of remote code execution or privilege escalation.
Audit Metadata