outreach-sender

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) as it processes untrusted data from external prospects to generate email content.
      • Ingestion points: Prospect data and 'signals' (e.g., funding announcements, hiring posts, competitor mentions) are read from memory/pipeline.json and interpolated into email templates.
      • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when processing external data through the cold-email and humanizer skills.
      • Capability inventory: The skill possesses the ability to send emails via the orth Gmail integration and communicates with the user via Telegram.
      • Sanitization: There is no evidence of explicit validation or sanitization of the prospect-supplied fields before they are used in the email drafting process.
      • Mitigation: A robust 'Human In The Loop' (HITL) process is mandatory; the skill presents drafts for manual CEO approval via Telegram before any network operation (sending) occurs, significantly mitigating the risk of automated injection attacks.
  • [COMMAND_EXECUTION]: The skill utilizes the orth utility to execute shell commands (orth run gmail /send-email) for sending emails. The command construction involves dynamic interpolation of email bodies and recipient details into a JSON payload.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 22, 2026, 04:54 AM