persona-project-manager
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process data from external, potentially untrusted sources.\n
- Ingestion points: The skill reads data from Gmail messages, Google Drive files, and Google Sheets updates via the required sub-skills (gws-gmail, gws-drive, gws-sheets) as described in SKILL.md.\n
- Boundary markers: There are no instructions provided in SKILL.md for the agent to use delimiters or to ignore embedded instructions within the processed data.\n
- Capability inventory: The agent has the ability to perform write operations across multiple services, such as sending emails (gws gmail +send) and uploading files (gws drive +upload), which could be abused if malicious instructions are encountered in the processed data.\n
- Sanitization: The skill lacks explicit instructions for validation or sanitization of the data retrieved from external services.
Audit Metadata