picky-assist

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from the Picky Assist API (such as contact lists, conversations, and tags) and provides capabilities to execute actions and arbitrary HTTP requests. This creates an indirect prompt injection surface where malicious content in the external data could attempt to influence the agent's behavior.
      • Ingestion points: Data fetched via membrane action run and membrane request from the Picky Assist platform.
      • Boundary markers: Absent; the instructions do not include specific delimiters or warnings to ignore instructions embedded in the retrieved data.
      • Capability inventory: The skill allows the agent to list and run actions (membrane action run) and perform raw HTTP requests (membrane request) with full authentication headers.
      • Sanitization: Absent; there is no mention of escaping or validating the content retrieved from the external API before the agent processes it.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 10:02 PM