send-message
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates communication via the Zavu API, authored by 'zavudev'. The documented behaviors are consistent with its intended use and no malicious activities were found.
- [PROMPT_INJECTION]: The skill handles untrusted data in message fields, which constitutes a surface for indirect prompt injection. 1. Ingestion points: Message text, subject, and body parameters in SKILL.md. 2. Boundary markers: None present in the code examples. 3. Capability inventory: Network transmission via the zavu.messages.send function. 4. Sanitization: No sanitization is explicitly demonstrated. This is a standard characteristic of messaging tools and is not considered a threat in this context.
Audit Metadata