icp-prompt-builder
Warn
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local TypeScript script (scripts/score-batch.ts) using npx tsx. This script is used to apply the tuned prompt to large datasets of companies.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) by ingesting untrusted data from external sources and interpolating it into prompts.
  - Ingestion points: The skill reads company data (domain, name, industry, description) from CSV files and client profiles from client-profile.yaml.
  - Boundary markers: The provided prompt template does not include explicit boundary markers or delimiters to separate instructions from the data being evaluated.
  - Capability inventory: The skill possesses the capability to execute shell commands (npx tsx) and write files to the user's home directory (~/cold-email-ai-skills/profiles/).
  - Sanitization: There is no evidence of sanitization or validation performed on the company descriptions or other fields before they are included in the prompt preamble.
- [DATA_EXPOSURE]: The skill accesses and modifies files in the user's home directory, specifically within the ~/cold-email-ai-skills/ path, to store tuned prompts and update client profiles.
Audit Metadata