investor-audits
Warn
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to read and transmit sensitive corporate data including cap tables, financials, EINs, and insurance details to external email addresses. This creates a risk of exfiltration if the recipient's identity is spoofed or if the agent is manipulated by external inputs.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through incoming email audit requests.
- Ingestion points: Incoming emails from the user's Gmail processed based on labels and keywords.
- Boundary markers: Absent; the instructions do not include delimiters or specific guidance to isolate untrusted email content from agent instructions.
- Capability inventory: The agent has read access to sensitive financial records (Excel and Markdown files) and the ability to compose and send emails via automated tools.
- Sanitization: No sanitization, structural validation, or sender verification is performed on the email body content before processing.
Audit Metadata