inboxmate-batch-demo

Warn

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Accesses the .env file in the current working directory to retrieve sensitive API tokens, including PSQUARED_CRM_TOKEN, NUXT_MCP_DEMO_TOKEN, and OPENBRAND_API_KEY. While necessary for functionality, this involves access to a sensitive configuration file path.
  • [EXTERNAL_DOWNLOADS]: Uses WebFetch to retrieve content from third-party prospect domains to determine their suitability for demo creation based on various skip criteria.
  • [COMMAND_EXECUTION]: Automates data modification via GraphQL mutations on the Twenty CRM at https://crm.psquared.dev/graphql and invokes the /inboxmate-demo skill to update prospect records without human-in-the-loop confirmation.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through external web content retrieved during the validation step.
      • Ingestion points: Fetches content from prospect domains using WebFetch (SKILL.md).
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present when processing fetched content.
      • Capability inventory: Performs CRM updates and triggers external demo pipelines (SKILL.md).
      • Sanitization: No evidence of content sanitization or validation of the content fetched from external domains.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 17, 2026, 09:59 AM