evaluate-outreach
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill utilizes vendor-specific infrastructure for legitimate configuration and performance tracking.
- The script
scripts/lib/hosted-api.tscommunicates withapi.forsvn.comto fetch configuration packs and post cycle metrics. - It manages its own API keys stored in
~/.config/forsvn/credentials.json, which is a standard pattern for the toolchain associated with the author hungv47. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from external sources.
- The
Metric Ingest Agentprocesses raw reply threads and CRM data which could contain adversarial instructions. - The skill possesses filesystem write capabilities to update ledgers and evaluation artifacts.
- Evidence of mitigation: Support scripts such as
append-loop-result.tsinclude validation to prevent tab or newline injections in data fields, and file operations are protected by symbolic link checks and path sanitization.
Audit Metadata