Daily Briefing
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection.
  * Ingestion points: Processes untrusted external data from Email (unread/flagged), CRM (follow-ups), and Web Search (News) as defined in SKILL.md.
  * Boundary markers: None identified. There are no instructions or delimiters provided to separate fetched data from the system's instructions.
  * Capability inventory: The agent possesses high-privilege read access to the user's personal productivity data.
  * Sanitization: None identified. A malicious email or a poisoned news article could inject instructions into the agent's context, leading to unauthorized actions or data leakage.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The README.md encourages users to download additional 'context packs' and workflow automations from a non-trusted GitHub Pages site (afrexai-cto.github.io), which falls outside of the verified trusted source scope.
Recommendations
- AI detected serious security threats