raffle-winner-picker
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists entirely of documentation and instructions without any accompanying executable scripts or binaries.
- [PROMPT_INJECTION]: Indirect prompt injection surface detected.
- Ingestion points: The skill is designed to process external data sources including Google Sheets via URL, and local CSV or Excel files as described in
SKILL.md. - Boundary markers: There are no explicit instructions or delimiters defined to separate the data content from the agent's instructions.
- Capability inventory: The skill relies on the agent's ability to read files and access external URLs to retrieve entry data.
- Sanitization: No sanitization or validation of the input data is described in the skill instructions.
Audit Metadata