poke-integrations
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill documents the integration of external data sources such as GitHub, Gmail, and Sentry. This creates a surface for indirect prompt injection where malicious content in external data (like a PR description or email) could attempt to influence the agent's behavior.
- Ingestion points: Data ingested from services like GitHub, Gmail, Outlook, Notion, and Sentry as described in
references/builtin-integrations.md. - Boundary markers: None explicitly defined in the provided instructional text.
- Capability inventory: The agent can perform actions via the Poke SDK and integrated tools.
- Sanitization: No specific sanitization methods for external data are described in these reference files.
- [COMMAND_EXECUTION]: The documentation describes the use of the vendor's CLI tool (
poke) to manage integrations. This is a standard and expected administrative feature of the platform. - [CREDENTIALS_UNSAFE]: The skill mentions the use of API keys and OAuth for authentication. Examples use safe placeholders (e.g.,
sk-xxx), and the documentation specifies that keys are stored encrypted by the service.
Audit Metadata