email-triager
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted external data (emails) which may contain malicious instructions intended to manipulate the agent's output or drafting behavior.
- Ingestion points:
SKILL.md(Batch Processing and Triage sections indicate the agent will read provided email text). - Boundary markers: Absent. The skill does not instruct the agent to distinguish between its own system instructions and the content of the emails.
- Capability inventory: Categorization, sentiment analysis, and drafting of context-aware replies.
- Sanitization: Absent. There is no logic to filter or escape instructions embedded within email bodies.
- [External Downloads] (LOW):
SKILL.mddirects users tohttps://afrexai-cto.github.io/context-packsfor additional functionality. This domain is not on the Trusted External Sources list. While the skill does not automatically execute code from this URL, it encourages the manual addition of unverified external data to the agent's environment.
Audit Metadata