raffle-winner-picker
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: No malicious patterns, hardcoded credentials, or unauthorized network operations were found in the skill content. The skill describes a legitimate utility for giveaway management.- [NO_CODE]: The skill is composed entirely of markdown instructions without any associated scripts, executables, or configuration files that could pose a runtime risk.- [PROMPT_INJECTION]: The skill's primary function involves processing external data (Google Sheets and local files), which creates an inherent surface for indirect prompt injection.
- Ingestion points: External URLs (Google Sheets) and local files (CSV, Excel).
- Boundary markers: The instructions do not explicitly include delimiters or warnings to ignore potential instructions embedded within the attendee data.
- Capability inventory: The skill requires the agent to read and parse external content.
- Sanitization: There are no specific instructions for sanitizing or validating the data entries before selection.
Audit Metadata