campaign-execution
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its data ingestion process.
  - Ingestion points: The skill reads lead names, company information, and personalized content from files such as LIST.md, CAMPAIGN.md, and research.md in the .business_growth/ directory.
  - Boundary markers: There are no delimiters or explicit instructions to ignore embedded commands when processing these files.
  - Capability inventory: The agent has the ability to navigate the web, input text into forms, click on-screen elements, and take screenshots using browser tools.
  - Sanitization: There is no evidence of validation or sanitization of lead-specific data before it is interpolated into message templates.
- [COMMAND_EXECUTION]: The skill uses high-privilege browser automation tools.
  - It utilizes tools like navigate, form_input, and the computer tool for clicking and scrolling. While these are intended for legitimate outreach, they represent a significant attack surface if the agent is manipulated by malicious input in the campaign data files.
Audit Metadata