cold-outreach
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill does not exhibit any malicious patterns such as credential theft, persistence, or data exfiltration. The instructions and reference files are purely focused on outreach strategy and message quality.
- [PROMPT_INJECTION]: The skill ingests untrusted data from prospects (e.g., quotes from posts or social media signals) to personalize messages, creating an indirect prompt injection surface.
- Ingestion points: Target information and prospect quotes are read by the Signal Analyst and Composer agents to generate observation lines.
- Boundary markers: The orchestrator centralizes information into a Strategy Brief, though it lacks explicit delimiters for external content.
- Capability inventory: The skill has access to Bash and WebFetch tools, providing a path for potential impact if an injection were to occur.
- Sanitization: The Critic agent verifies all generated claims against the original pre-dispatch context, ensuring that no fabricated or unauthorized instructions from the input are integrated into the output.
- [EXTERNAL_DOWNLOADS]: The skill declares the use of WebSearch and WebFetch in its frontmatter to conduct legitimate target research. These activities are consistent with the stated purpose of creating signal-based personalized outreach.
Audit Metadata