cold-email-kickoff
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate orchestration of a cold email setup workflow. It verifies the presence of required infrastructure and configuration files without performing unauthorized network operations.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes untrusted data from external websites and case studies via sub-skills (e.g.,
/icp-onboarding). - Ingestion points: External website content and case study files read during the ICP and strategy generation phases in SKILL.md.
- Boundary markers: No explicit boundary markers or delimiters for untrusted content are defined in the orchestrator script.
- Capability inventory: File creation and modification within the
profiles/directory, and conditional logic for tool invocation. - Sanitization: The skill relies on the underlying LLM's safety filters and the implementation of invoked sub-skills to sanitize ingested content.
- [CREDENTIALS_UNSAFE]: The skill references several API keys (Smartlead, Prospeo, MillionVerifier) but correctly instructs the user to store them in a local
.envfile and merely verifies their presence. This aligns with recommended secret management practices.
Audit Metadata