agent-send
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requires sensitive environment variables (DISCORD_BOT_TOKEN, TELEGRAM_BOT_TOKEN) to function, which are used to authenticate with external messaging platforms.
- [DATA_EXFILTRATION]: The skill provides capabilities to send arbitrary text and file attachments to external domains including Discord, Telegram, and Slack. This represents a data exposure surface if the agent is manipulated into sending sensitive files from the local environment to these external platforms.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its multi-agent collaboration features.
- Ingestion points: Data enters the agent's context via the agentResponse field when waiting for responses from external agents using the sendToAgentAndWait function.
- Boundary markers: None detected. The documentation does not demonstrate the use of delimiters or instructions to ignore embedded commands when processing external agent output.
- Capability inventory: The skill can perform network operations (sending messages) and access file buffers (attachments).
- Sanitization: No evidence of sanitization, escaping, or validation of the content received from external agents before it is interpolated into subsequent prompts or logic.
Audit Metadata