analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external data, specifically email threads, call transcripts, and chat messages. This creates a surface for indirect prompt injection, where an attacker could embed malicious instructions within a conversation to manipulate the agent's analysis, research tool usage, or generated follow-up messages.\n
- Ingestion points: User-pasted content or file paths in 'Step 1: Get Content to Analyze' (SKILL.md).\n
- Boundary markers: None identified in the prompt instructions to isolate untrusted data from the system instructions.\n
- Capability inventory: Uses MCP tools for research (find_person, find_company), knowledge base searches (search_knowledge_base), and content generation (generate_content, generate_email).\n
- Sanitization: No explicit sanitization or validation of the input content is described in the workflow.\n- [COMMAND_EXECUTION]: The skill provides a feature to read content from a user-specified file path. This capability could be exploited to access sensitive local files if the agent is not restricted to a specific workspace or if the path input is not validated.\n
- Evidence: Step 1 in SKILL.md explicitly lists 'Provide a file path' and 'read from file' as a method to obtain content for analysis.
Audit Metadata