Chase
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection due to its core functionality of processing external data.\n- Ingestion points: The skill ingests untrusted data from external sources via the 'web_search' tool (Layer 2) and 'RAG transcript search' (Layer 3) to inform the generation of chase messages.\n- Boundary markers: The instructions do not explicitly require the use of delimiters or 'ignore embedded instructions' markers when the agent processes retrieved web data or transcript findings.\n- Capability inventory: The agent has the capability to generate and suggest email content ('email_body') and multi-channel strategies, creating a potential path for malicious external content to influence the final output.\n- Sanitization: There is no mention of sanitization or validation of the ingested external content before it is interpolated into the agent's context for message composition.
Audit Metadata