workshop-attendance-confirmation

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file references/real-responses.md contains a Zoom meeting passcode embedded within a URL parameter (pwd=eUZQVUdLMWF4UHJTZ3Vlc3ZYKzRrdz09). Although this is likely for a past event, it represents the inclusion of hardcoded credentials in the reference data.
  • [PROMPT_INJECTION]: The skill exhibits several risk factors related to hidden content and untrusted data handling:
    • Obfuscation: Large blocks of zero-width characters (including U+200B, U+200C, U+200D, U+200E, U+200F, and U+FEFF) are present in references/real-responses.md. These characters are typically used in email templates to manage preheader snippets, but they function as obfuscated content hidden from the visible text.
    • Indirect Prompt Injection: The skill is designed to process and respond to customer inquiries, creating an attack surface for indirect prompt injection.
    • Ingestion points: Customer question and email blocks within references/canonical.md, references/edge-cases.md, references/real-responses.md, and references/variations.md.
    • Boundary markers: The skill lacks explicit instructions or delimiters that define customer input as untrusted or that instruct the agent to ignore embedded commands.
    • Capability inventory: The skill defines patterns for generating text-based email responses. No external tool execution, network operations, or file system access is defined in the provided files.
    • Sanitization: No logic for sanitizing, validating, or filtering customer input is described or implemented.
  • [NO_CODE]: This skill consists entirely of Markdown instructions and reference data files. It does not include any scripts, executables, or code-based logic.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 10:33 PM