Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to manage email templates and configurations which ingest untrusted data.
  1. Ingestion points: The skill processes EJS templates located in `views/emails/` and configuration settings in `config/mail.js`.
  2. Boundary markers: No specific delimiters or safety instructions to ignore embedded data commands were observed in the rule summaries.
  3. Capability inventory: The agent is granted capabilities to modify application source code, create file system structures for templates, and configure network transports for SMTP or Resend providers.
  4. Sanitization: The skill relies on default framework escaping and does not explicitly mandate additional sanitization for user-provided data within the generated patterns.
Audit Metadata