analyse-inboxmate

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill documents the specific local filesystem path for sensitive environment variables at /Users/martinpammesberger/Documents/psquared/claude-overlord-folder/.env. This file is described as containing multiple service tokens and API keys (e.g., PSQUARED_CRM_TOKEN, ACKEE_TOKEN).
  • [COMMAND_EXECUTION]: The skill references a high-privilege tool, mcp__plugin_supabase_supabase__execute_sql, which allows arbitrary SQL execution against the production AgentHub database. While documented for administrative use, this capability presents a risk of unauthorized data access or modification.
  • [PROMPT_INJECTION]: The skill identifies an Indirect Prompt Injection surface within the InboxMate knowledge pipeline:
    • Ingestion points: External data is ingested via web scraping using Tavily/Firecrawl (mentioned in the scrape_and_build_knowledge tool).
    • Boundary markers: No instructions or delimiters are provided to signal the agent to ignore instructions embedded within the scraped content.
    • Capability inventory: The ecosystem includes tools for SQL execution, email drafting/sending via the Notification service, and modifying agent knowledge bases.
    • Sanitization: No validation or sanitization procedures are described for data retrieved from external URLs before it is processed by the RAG system.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 01:03 PM