news-signal-outreach
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by design, as it ingests and processes content from external, untrusted URLs such as news articles, LinkedIn posts, and tweets. This could allow an attacker to influence the agent's behavior by embedding instructions in the source content.
- Ingestion points: External data enters the agent context in
Step 1(fetching URLs) and through web searches inStep 2andStep 4(company and contact research). - Boundary markers: The skill documentation does not provide specific instructions to use boundary markers or explicit prompts to ignore instructions found within the processed news items.
- Capability inventory: The skill possesses significant capabilities including file writing for configuration storage (
Step 0), web searching, and outreach drafting/sending via external tools (Step 5andStep 6). - Sanitization: No sanitization or validation logic is defined for the fetched external content before it is passed to the LLM for analysis and outreach generation.
Audit Metadata