investment-outreach
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill references absolute local file paths (e.g., file:///Users/sargupta/SahayakAIV2/...) to read sensitive internal documents such as INVESTOR_MATERIALS.md and CHALLENGING_QUESTIONS.md. This practice exposes the user's local directory structure and project-sensitive data to the agent context.
- [PROMPT_INJECTION]: The workflow incorporates an indirect prompt injection surface via external data ingestion.
  - Ingestion points: Results from the search_web tool used to research recipient profiles and firm statements.
  - Boundary markers: The skill does not define clear boundaries or delimiters to separate internal project context from untrusted data retrieved from the web.
  - Capability inventory: The agent has permissions to read local files, perform web searches, and generate structured outreach drafts.
  - Sanitization: There is no evidence of sanitization or validation logic to filter potentially malicious instructions embedded in the external search results.
Audit Metadata