broadcast-campaign
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security threats detected. The skill provides documentation and code examples for using the 'zavu' messaging API to create, manage, and monitor broadcasts.
- [PROMPT_INJECTION]: The skill defines an attack surface for indirect prompt injection through the use of template variables and message text. 1. Ingestion points: Untrusted data enters the context via the
textfield inzavu.broadcasts.createandtemplateVariablesinzavu.broadcasts.contacts.add(documented inSKILL.md). 2. Boundary markers: The skill uses{{variable}}syntax for interpolation but does not specify explicit security boundaries. 3. Capability inventory: The skill has the capability to send messages via SMS, WhatsApp, Email, and Telegram (documented inSKILL.md). 4. Sanitization: The documentation notes that message content triggers an 'AI content review' before sending, which serves as a safety control to mitigate malicious content.
Audit Metadata