outreach-script-generator

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFENO_CODE
Full Analysis
  • [SAFE]: The skill is authored by 'aliyun' and utilizes official 'aliyun.com' endpoints for its Model Context Protocol (MCP) data services (dashscope.aliyuncs.com). This alignment between author and infrastructure is a strong indicator of legitimacy.
  • [NO_CODE]: The skill consists entirely of markdown instructions and does not include any executable scripts, binary files, or installation commands, significantly reducing its attack surface.
  • [DATA_EXFILTRATION]: The skill handles sensitive client data such as assets under management (AUM) and portfolio holdings. This access is integral to the skill's design for generating personalized financial scripts and is conducted via authorized vendor tools without evidence of unauthorized transmission to external domains.
  • [PROMPT_INJECTION]: The skill processes external news from financial APIs, creating a potential surface for indirect prompt injection. 1. Ingestion points: SearchFinancialNews and NewsInfoList tools. 2. Boundary markers: None specified. 3. Capability inventory: Generates markdown text for human-to-human phone scripts. 4. Sanitization: Not explicitly defined. The risk is assessed as safe because the output is directed to a human-readable script template and does not trigger automated system functions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 06:41 AM
Security Audit — agent-trust-hub — outreach-script-generator