focus-keeper

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions command the agent to suppress internal reasoning and state logic from its output (e.g., 'BANNED in output: Rules:, state values, decision logic'). This concealment reduces transparency for the user regarding how the agent processed its instructions and state.
  • [PROMPT_INJECTION]: The skill processes untrusted data from prospect lists and hypotheses to generate outreach content, which is a surface for indirect prompt injection.
      • Ingestion points: Data is read from pipeline.json and hypotheses.json.
      • Boundary markers: Absent; there are no instructions to use delimiters or sanitization logic when processing prospect data.
      • Capability inventory: The skill can send emails, post to LinkedIn, and manage calendar events via integrated tools.
      • Sanitization: No explicit validation or escaping of external lead data is defined.
  • [DATA_EXFILTRATION]: The skill reads business data from local files and transmits it to external communication platforms (Gmail, LinkedIn) through specialized outreach tools. While this constitutes data movement to the network, it is the primary purpose of the skill and requires user approval before execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 22, 2026, 04:55 AM
Security Audit — agent-trust-hub — focus-keeper