inboxmate-demo
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs research by fetching content from external prospect websites using the WebFetch tool to populate the chatbot's knowledge base.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted data from third-party websites (Ingestion point: Phase 1/WebFetch) and uses that data to programmatically generate system prompts and knowledge items (Capability: Phase 3/create_agent and add_to_bucket). The skill lacks explicit sanitization or boundary markers to differentiate between scraped data and agent instructions, potentially allowing an attacker who controls a scraped website to influence the resulting chatbot's behavior.