email-composer
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies a potential surface for indirect prompt injection by incorporating unverified data from web searches into the drafting process.
- Ingestion points: The skill uses the
search_webtool to gather context about recipients from external sources, as noted in theSKILL.mdworkflow. - Boundary markers: No specific delimiters or instructions are provided to isolate the research results or instruct the agent to ignore any embedded instructions within them.
- Capability inventory: The primary capability is text generation for email correspondence based on gathered research.
- Sanitization: The skill lacks explicit sanitization or validation steps for the content retrieved from external websites.
Audit Metadata