Skills
skills/psquared-development/psquared-skills/inboxmate-batch-demo/Gen Agent Trust Hub

inboxmate-batch-demo

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill is instructed to read the .env file in the current directory to extract PSQUARED_CRM_TOKEN, NUXT_MCP_DEMO_TOKEN, and OPENBRAND_API_KEY for use in subsequent steps. These credentials facilitate communication with the vendor's CRM and related services.
  • [INDIRECT_PROMPT_INJECTION]: The skill evaluates content from external websites and CRM records to decide whether to create a demo or disqualify a prospect. This processing of untrusted data represents an injection surface.
  • Ingestion points: CRM GraphQL API responses from crm.psquared.dev and external website content retrieved via the WebFetch tool.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present when the agent analyzes the website content.
  • Capability inventory: The skill can perform write operations (mutations) on the CRM to create or modify opportunities and can invoke the /inboxmate-demo skill.
  • Sanitization: No sanitization, filtering, or validation of the external website data is performed prior to the agent's evaluation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 20, 2026, 05:46 AM