personalization-at-scale-skill
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
- Ingestion points: The skill ingests untrusted data from user-provided CSV files and researches external content including LinkedIn profiles, activity (posts, comments), and company news mentions (SKILL.md).
- Boundary markers: The instructions do not use explicit delimiters (such as XML tags or triple quotes) to separate user/external data from system instructions, nor do they include warnings to the agent to ignore instructions embedded within the research data.
- Capability inventory: The agent has the capability to write JSON files to the local file system at ~/.claude/skill-analytics/ for telemetry and logging purposes (SKILL.md).
- Sanitization: There are no instructions for sanitizing, validating, or escaping external content before it is processed and interpolated into the generated outreach messages.