stall-rescue
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection attack surface identified. The skill ingests untrusted data from external sources to generate content. Ingestion points: User signup data from PostHog (Step 2) and web search results from Exa (Step 4). Boundary markers: Not explicitly defined. Capability inventory: Capability to send emails via Gmail (Step 7). Sanitization: Mandatory human review (Step 6) acts as a critical security control, preventing the automated delivery of potentially malicious content.
Audit Metadata