Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface where untrusted user input is interpolated into email content.
- Ingestion points: The parameters
usernameandorderReferenceinmain.moare used to construct the email body. - Boundary markers: None. There are no delimiters or instructions provided to the agent to ignore potentially malicious content within these variables.
- Capability inventory: The skill utilizes the
EmailClient.sendServiceEmailfunction to send emails to external recipients. - Sanitization: No sanitization or escaping of the input variables is performed before they are concatenated into the final body string, which could allow for content injection.
Audit Metadata