email-writer
Pass
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The 'Output Location' section of the template usage instructions directs the agent to save files to a path containing the '{descriptor}' placeholder. This represents an indirect prompt injection surface where a malicious user-provided value could attempt path traversal if the agent does not implement its own sanitization logic.
- Ingestion Points: The '{descriptor}' placeholder located in the template instructions.
- Boundary markers: Brackets ([]) and braces ({}) are used for templating but provide no security boundary or escaping for the content.
- Capability inventory: File system write operations (saving the generated email to the /claudedocs/ directory).
- Sanitization: No input validation or path sanitization instructions are included in the skill definition.
Audit Metadata