clockwork-alert-router
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection through its data processing workflow.
- Ingestion points: The skill ingests untrusted data from the output records of
clockwork-compliance-checkinreferences/workflows/alert-routing-workflow.md. - Boundary markers: There are no boundary markers or instructions to ignore embedded commands defined when processing the compliance records.
- Capability inventory: The skill has the capability to send emails via Gmail MCP and create or update issues via the
mcp-atlassianJira MCP, as defined inSKILL.md. - Sanitization: No evidence of sanitization, escaping, or validation of the ingested compliance data is present before it is interpolated into notification templates.
Audit Metadata