docyrus-email-template-design
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
docyrusCLI (e.g.,docyrus studio create-email-template,docyrus messaging email send) to perform legitimate template management and testing operations. These commands are necessary for the skill's primary purpose. - [PROMPT_INJECTION]: The skill implements Handlebars templating (
{{field}}) which creates an inherent surface for indirect prompt injection by processing external record data. - Ingestion points: Record data retrieved from Docyrus platform data sources (e.g., in
SKILL.mdandreferences/templating.md). - Boundary markers: Standard Handlebars
{{ }}delimiters are used to identify record fields. - Capability inventory: Commands for creating and updating templates, as well as executing test sends via automation action nodes or messaging CLI commands.
- Sanitization: Reference documentation explicitly notes that Handlebars performs HTML escaping by default for variable interpolation.
Audit Metadata