raffle-winner-picker
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from external files which could contain malicious instructions.
  - Ingestion points: Processes data from Google Sheet URLs and local files (CSV, Excel, plain text) provided by the user.
  - Boundary markers: There are no instructions to use delimiters or to specifically ignore embedded commands in the source data.
  - Capability inventory: The skill reads and interprets file content to select and display winner details, which could be exploited if the data contains instructions targeted at the agent.
  - Sanitization: No sanitization or validation of the input data is described in the prompt.
- No Code (SAFE): The skill is composed entirely of a markdown file and contains no scripts, binaries, or package dependencies.