campaign-orchestrator
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (MEDIUM): The skill documentation specifies requiring a plaintext password (
GOG_KEYRING_PASSWORD) in environment variables for Gmail access, which is an unsafe practice susceptible to exposure. - DATA_EXFILTRATION (MEDIUM): The
webhook_handler.pyscript starts an unauthenticated network service usingHTTPServerto receive external webhook data, creating a potential attack vector for unauthorized state manipulation. - COMMAND_EXECUTION (MEDIUM): The skill uses the system
cronservice for task persistence and schedules the execution of external CLI tools and Python scripts (e.g.,gog-shapescale,attio) that are not provided in the source files, preventing a full audit of executed commands. - PROMPT_INJECTION (LOW): Indirect Prompt Injection surface detected. 1. Ingestion points:
webhook_handler.pyPOST body containing SMS text. 2. Boundary markers: Absent; data is stored directly incampaigns.json. 3. Capability inventory: Automated SMS, email, and CRM command execution. 4. Sanitization: Absent; the raw message content is processed and saved without filtering.
Audit Metadata