inbox-reply
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data in the form of incoming lead emails, which presents a surface for indirect prompt injection.
- Ingestion points: Lead responses are fetched via the /emails endpoint in SKILL.md (Step 1 and Step 2).
- Boundary markers: There are no explicit delimiters or specific instructions for the agent to ignore instructions embedded within the incoming email text when drafting replies.
- Capability inventory: The skill has the ability to send emails via the /emails/reply endpoint and update lead metadata.
- Sanitization: No content filtering or sanitization of the lead messages is described.
- Mitigation: The workflow includes robust human-in-the-loop controls, specifically requiring user review of drafts (Step 4) and explicit confirmation before sending (Step 5), which effectively mitigates the risk of unauthorized actions triggered by malicious input.
Audit Metadata