docyrus-email-template-design

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the docyrus CLI (e.g., docyrus studio create-email-template, docyrus messaging email send) to perform legitimate template management and testing operations. These commands are necessary for the skill's primary purpose.
  • [PROMPT_INJECTION]: The skill implements Handlebars templating ({{field}}) which creates an inherent surface for indirect prompt injection by processing external record data.
  • Ingestion points: Record data retrieved from Docyrus platform data sources (e.g., in SKILL.md and references/templating.md).
  • Boundary markers: Standard Handlebars {{ }} delimiters are used to identify record fields.
  • Capability inventory: Commands for creating and updating templates, as well as executing test sends via automation action nodes or messaging CLI commands.
  • Sanitization: Reference documentation explicitly notes that Handlebars performs HTML escaping by default for variable interpolation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 06:32 PM
Security Audit — agent-trust-hub — docyrus-email-template-design