cold-email-personalizer
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface detected in the email generation process.
  - Ingestion points: The skill reads lead information from CSV or JSON files provided by the user in Step 2.
  - Boundary markers: The prompt template in Step 5 lacks delimiters (such as XML tags or triple quotes) to separate user-provided lead data from the system instructions, so potentially malicious content in lead fields could override the agent's behavior.
  - Capability inventory: The skill can read files, search the web via WebSearch, and write results to the local filesystem at ~/.claude/cache/cold-emails/.
  - Sanitization: There is no evidence of input validation or sanitization for the fields extracted from data files before they are interpolated into the generation prompt.
Audit Metadata