Skills
skills/psquared-development/psquared-skills/inboxmate-demo/Gen Agent Trust Hub

inboxmate-demo

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing untrusted data from external websites.
  • Ingestion points: Scraped content from prospect websites using the WebFetch tool (Phase 1b).
  • Boundary markers: Absent; external content is directly interpolated into the system prompt and knowledge items for the created agent.
  • Capability inventory: The agent can execute shell commands (curl) and invoke MCP tools that create and modify external platform entities (agents, buckets, CRM entries).
  • Sanitization: Absent; the skill does not implement validation or escaping for the content retrieved from external domains before using it in instructions.
  • [COMMAND_EXECUTION]: Uses curl to interact with the OpenBrand API (openbrand.sh) and the vendor's CRM GraphQL endpoint (crm.psquared.dev). These operations utilize environment variables for authentication to manage brand assets and opportunity records.
  • [EXTERNAL_DOWNLOADS]: Fetches data from external prospect websites to generate marketing copy and knowledge base entries for the demo chatbot.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 01:03 PM