ravi
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a specialized CLI (ravi) to manage identities, perform communication tasks, and interact with a secret store.
- [DATA_EXFILTRATION]: The instructions prompt the agent to send feedback about its operations to feedback@ravi.id. This practice creates a potential channel for sensitive workflow data to be transmitted to an external endpoint associated with the vendor.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its inbox management features. * Ingestion points: Untrusted data enters the agent context when reading emails and SMS messages via the ravi inbox commands. * Boundary markers: There are no defined delimiters or instructions to prevent the agent from following malicious commands embedded in received messages. * Capability inventory: The agent can send emails, manage contacts, and modify passwords or secrets using the available toolset. * Sanitization: There are no documented procedures for sanitizing or filtering the content of incoming messages before processing.
Audit Metadata