funding-signal-outreach
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because its workflow depends on ingesting and processing untrusted data from external environments.
- Ingestion points: Data enters the agent's context through user-provided company lists (Step 0) and results from automated web searches for funding announcements (Step 1).
- Boundary markers: The instructions do not define delimiters or specific system instructions to ignore potential commands that could be embedded within the external company data or web search snippets.
- Capability inventory: The skill utilizes
web-searchand has the ability to write campaign packages to the local file system, which could be exploited if malicious instructions are successfully injected via external content. - Sanitization: There is no evidence of sanitization or schema validation mentioned to filter or escape content retrieved from the web before it is used for automated reasoning and email drafting.
Audit Metadata