intelligems-segment-spotlight
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes a local Python script (
spotlight.py) within a virtual environment. This is the primary intended behavior for data processing. - [DATA_EXFILTRATION] (LOW): Provides an option to send analysis results to an external Slack webhook. This is a legitimate feature but involves sending potentially sensitive business data to an external endpoint.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface (Category 8). The skill processes external data from the Intelligems API.
- Ingestion points: Data fetched from the Intelligems API and processed by
spotlight.py. - Boundary markers: No specific delimiters or instructions are provided to the agent to ignore embedded instructions within the API response.
- Capability inventory: Includes local script execution and outbound network requests (Slack).
- Sanitization: Instructions do not specify any sanitization of the API data before it is presented conversationally.
Audit Metadata