persona-hr-coordinator

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted external content.
  • Ingestion points: Untrusted data enters the agent context through gws-gmail (email requests) and gws-drive (onboarding documents) as specified in SKILL.md.
  • Boundary markers: The instructions lack explicit delimiters or specific directives to ignore instructions embedded within the ingested emails or documents.
  • Capability inventory: The skill possesses capabilities for network-adjacent and file operations via the gws binary tools, including gws gmail +send, gws drive +upload, and gws workflow +file-announce (Chat).
  • Sanitization: Although the tips suggest using a --sanitize flag for PII, this is not a mandatory constraint in the core instructions to mitigate instruction injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 04:56 PM