woodpecker-campaign

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill possesses a potential surface for indirect prompt injection because it ingests and processes external prospect data without sanitization.
      • Ingestion points: The prospects_list argument in the enroll_prospects function within scripts/setup_campaign.py receives external prospect data.
      • Boundary markers: No specific delimiters or safety instructions are used to isolate user-provided data within the API payloads.
      • Capability inventory: The script uses the requests library to perform network POST operations to Woodpecker API endpoints (api.woodpecker.co).
      • Sanitization: The script does not perform input validation or escaping on prospect fields (like email or snippets) before they are sent to the remote API.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:47 PM