letterly-process
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes data from external CSV files and interpolates it directly into Markdown files. Because the content is not sanitized or escaped, it creates a surface for indirect prompt injection where malicious instructions in the CSV could influence an agent reading the generated notes.
- [DATA_EXFILTRATION]: The script accesses hardcoded local paths, including Obsidian vault directories in the user's Documents and iCloud folders. While consistent with the skill's purpose, these locations may contain sensitive user information.
- [PROMPT_INJECTION]: Mandatory Evidence Chain: (1) Ingestion points: scripts/process.py reads data from Letterly-export CSV files in the unprocessed directory. (2) Boundary markers: Uses standard Markdown frontmatter delimiters (---) but lacks explicit instructions to ignore embedded commands. (3) Capability inventory: The script performs file writes and file deletion (os.remove). (4) Sanitization: No sanitization is performed on the title or text fields extracted from the CSV before they are written to Markdown files.
Audit Metadata