early-access-email-sequence
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted external data.
  - Ingestion points: The skill uses `WebSearch` and `WebFetch` in Phases 1 and 2 (defined in `SKILL.md`) to retrieve content from LinkedIn-related search results and company websites.
  - Boundary markers: The instructions do not define clear delimiters or use system-level warnings to separate the retrieved web content from the agent's core instructions, making it possible for malicious text on a processed website to hijack the agent's context.
  - Capability inventory: The skill possesses significant capabilities, including writing to external Notion databases (`notion-create-pages`, `notion-create-database`) and performing further web operations, which could be abused if an injection is successful.
  - Sanitization: There is no evidence of content filtering, escaping, or validation of the data fetched from the web before it is interpolated into email generation templates or database properties.
Audit Metadata