list-segment-builder

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill incorporates robust security instructions to mitigate indirect prompt injection by explicitly directing the agent to treat all user-provided data (CSV, CRM, and ESP exports) as untrusted and to disregard any instructions contained within those files.
  • [SAFE]: Privacy is protected through instructions that forbid the echoing of raw personally identifiable information (PII) like email addresses, instead requiring the agent to work with aggregate or hashed descriptions of the data segments.
  • [SAFE]: Network operations and command execution are restricted to a local connector script (resend.py) used for syncing data with the Resend email platform, which is an established service and consistent with the skill's marketing purpose.
  • [SAFE]: The skill adheres to the principle of least privilege by acting as a read-only consumer of the local consent registry, ensuring it does not overwrite sensitive authorization records.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 09:34 AM
Security Audit — agent-trust-hub — list-segment-builder