business-pulse
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes content from untrusted external sources like email and messengers.
- Ingestion points: The skill fetches data via
~~почтаand~~мессенджер(referenced in SKILL.md and reference/data_sources.md). - Boundary markers: There are no explicit delimiters or protective instructions provided to the agent to treat data from these sources as untrusted or to ignore any embedded commands.
- Capability inventory: The skill includes tools for writing data to storage (
~~хранилище) and sending messages (~~мессенджер), which could be abused if an injection is successful. - Sanitization: The skill does not implement sanitization or validation of the text content retrieved from external communications before presenting it to the model for summarization.
Audit Metadata