write-outreach

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's reply-to-inbound route (Route B) represents a surface for indirect prompt injection. It ingests untrusted text from prospect replies and passes it to various processing agents.
  • Ingestion points: Untrusted prospect reply text is ingested via the inbound_reply parameter in SKILL.md (Route B) and subsequently processed by agents/reply-classifier.md and agents/reply-composer.md.
  • Boundary markers: The inbound_reply content is interpolated into sub-agent prompts without robust delimiters or explicit instructions to ignore potentially malicious embedded commands.
  • Capability inventory: The orchestrator is configured with access to powerful tools including Bash, WebFetch, and WebSearch, and performs regular file-write operations to the local project structure.
  • Sanitization: There is no evidence of sanitization, filtering, or escaping applied to the inbound_reply content before it is processed by the AI agents.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 10:16 PM
Security Audit — agent-trust-hub — write-outreach