setup-email-drafts
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill accesses the sensitive file '.env' to identify and retrieve API tokens for CRM and notification services.
- [COMMAND_EXECUTION]: Uses the 'source' command to load environment variables and 'curl' for multiple network interactions with vendor-controlled GraphQL and REST APIs.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: Extracts contact and company details from external CRM GraphQL responses (SKILL.md).
  - Boundary markers: Absent; no delimiters or instructions are used to distinguish untrusted data during processing.
  - Capability inventory: Executes network requests via 'curl' to create records in the notification service (SKILL.md).
  - Sanitization: Absent; external data is directly interpolated into prompts for generating personalized email hooks.
Audit Metadata