client-packet-engine
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.\n
- Ingestion points: The skill ingests untrusted data from user-provided URLs in
SKILL.mdduring Phase 1 (Intelligence Gathering) and Phase 3 (Strategy Execution) via tools likereview-scraper,web-archive-scraper, andluma-event-attendees.\n - Boundary markers: The instructions do not define any delimiters or explicit boundary markers to isolate external web content from the agent's reasoning or to prevent the agent from following instructions embedded in the target websites.\n
- Capability inventory: The skill utilizes exploitable capabilities such as
email-drafting(for outreach sequences) andcontent-asset-creator(for generating HTML assets), which are direct sinks for the ingested untrusted data.\n - Sanitization: No sanitization, filtering, or validation logic is specified to check the content of external websites before it is processed by generative sub-skills.
Audit Metadata