find-email-by-name
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `orth` CLI tool to interact with external APIs. It specifically instructs the agent to use separate query flags (`-q`) instead of joining parameters with `&` to prevent shell injection vulnerabilities during command construction.
- [PROMPT_INJECTION]: The skill accesses `MEMORY.md` to retrieve context regarding customer profiles and targets. This is an indirect prompt injection surface as `MEMORY.md` may contain untrusted data that could influence agent behavior.
  - Ingestion points: Reads from `MEMORY.md` to establish context.
  - Boundary markers: None specified for the data read from memory.
  - Capability inventory: Shell command execution via the `orth` CLI tool.
  - Sanitization: The skill explicitly mitigates shell injection risks by mandating a specific command-line argument format.
Audit Metadata