email-quality-auditor
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is configured to fetch its own reference documentation and benchmark definitions from the author's GitHub repository (github.com/aaron-he-zhu/aaron-marketing-skills) if they are missing from the local environment.
- [COMMAND_EXECUTION]: Executes local Python scripts (
resend.pyanddoh.py) located within the plugin's root directory. These scripts are used for read-only operations such as verifying DNS records (via DNS-over-HTTPS) and checking contact suppression status. - [DATA_EXPOSURE]: Accesses and processes user-provided email marketing exports (CSVs, DMARC reports, GA4 data). It writes audit results to the agent's internal memory paths (
memory/audits/email/). - [PROMPT_INJECTION]: Contains a vulnerability surface for indirect prompt injection via the untrusted data it processes (marketing exports). The skill mitigates this by instructing the agent to treat all data inside exports strictly as evidence and never as commands.
Audit Metadata