cold-outreach

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: The skill does not exhibit any malicious patterns such as credential theft, persistence, or data exfiltration. The instructions and reference files are purely focused on outreach strategy and message quality.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from prospects (e.g., quotes from posts or social media signals) to personalize messages, creating an indirect prompt injection surface.
  • Ingestion points: Target information and prospect quotes are read by the Signal Analyst and Composer agents to generate observation lines.
  • Boundary markers: The orchestrator centralizes information into a Strategy Brief, though it lacks explicit delimiters for external content.
  • Capability inventory: The skill has access to Bash and WebFetch tools, providing a path for potential impact if an injection were to occur.
  • Sanitization: The Critic agent verifies all generated claims against the original pre-dispatch context, ensuring that no fabricated or unauthorized instructions from the input are integrated into the output.
  • [EXTERNAL_DOWNLOADS]: The skill declares the use of WebSearch and WebFetch in its frontmatter to conduct legitimate target research. These activities are consistent with the stated purpose of creating signal-based personalized outreach.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 04:04 PM
Security Audit — agent-trust-hub — cold-outreach