write-outreach
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's reply-to-inbound route (Route B) represents a surface for indirect prompt injection. It ingests untrusted text from prospect replies and passes it to various processing agents.
- Ingestion points: Untrusted prospect reply text is ingested via the
inbound_replyparameter inSKILL.md(Route B) and subsequently processed byagents/reply-classifier.mdandagents/reply-composer.md. - Boundary markers: The
inbound_replycontent is interpolated into sub-agent prompts without robust delimiters or explicit instructions to ignore potentially malicious embedded commands. - Capability inventory: The orchestrator is configured with access to powerful tools including
Bash,WebFetch, andWebSearch, and performs regular file-write operations to the local project structure. - Sanitization: There is no evidence of sanitization, filtering, or escaping applied to the
inbound_replycontent before it is processed by the AI agents.
Audit Metadata