raffle-winner-picker
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE] (SAFE): No scripts (.py, .js, .sh), binaries, or dependency configuration files (requirements.txt, package.json) are present. The skill operates solely through prompt-based instructions.\n- [PROMPT_INJECTION] (LOW): This skill defines a workflow vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted data from external sources.\n
- Ingestion points: Processes data from Google Sheets (
[Sheet URL]), local CSV files (entries.csv), and Excel files (contest-entries.xlsx).\n - Boundary markers: Absent. The instructions do not provide delimiters (e.g., XML tags) or specific directives to ignore instructions embedded within the cell data of the processed files.\n
- Capability inventory: The skill requires the agent to have file-reading and web-browsing capabilities to access the prize entry lists.\n
- Sanitization: Absent. There are no instructions to sanitize, escape, or validate the content of the spreadsheet rows before processing them, which could allow an attacker to embed prompts that override the agent's behavior during the selection process.
Audit Metadata