outreach-sequence-builder
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it interpolates business context from user input and local files into AI prompts.
  - Ingestion points: Reads from docs/icp.md, docs/accounts/, and user-provided signals in SKILL.md.
  - Boundary markers: Absent; data is placed directly into the Gemini API request payload.
  - Capability inventory: Can write files to docs/sequences/, read local files, and create email drafts via the Composio Gmail tool.
  - Sanitization: Absent; no validation or escaping of the ingested data is performed.
- [COMMAND_EXECUTION]: Local shell commands are used to verify settings and process API responses.
  - Evidence: Executes curl to communicate with Google's Gemini API and pipes the result to python3 for JSON parsing in SKILL.md.
- [EXTERNAL_DOWNLOADS]: Interacts with an external AI service to generate content.
  - Evidence: Connects to generativelanguage.googleapis.com to send context and receive outreach messages. This targets a well-known service domain.
Audit Metadata