customer-win-back-sequencer
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting untrusted data from the web (search results, career pages, and review sites) and incorporating it into its reasoning logic and output generation for email sequences.
  - Ingestion points: Phase 1 uses `web_search` and `fetch_webpage` to retrieve external content from sites like LinkedIn, G2, and various news outlets.
  - Boundary markers: The skill instructions do not define delimiters or specific constraints to prevent the agent from following malicious instructions that might be embedded in the fetched external content.
  - Capability inventory: The agent has permissions to write reports to the file system and potentially trigger automated email campaigns via the `cold-email-outreach` tool.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the fetched external data before it is interpolated into the agent's prompts.
- [EXTERNAL_DOWNLOADS]: Installs the skill and its dependencies (including `linkedin-profile-post-scraper` and `review-site-scraper`) via the `npx goose-skills` command.