send-report

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes multiple local Python scripts (performance-monitor.py, report-generator.py, approval-manager.py, and execution-tracker.py) to aggregate metrics, generate report content, manage approvals, and track execution history.
  • [DATA_EXFILTRATION]: The skill transmits potentially sensitive marketing and performance data to external platforms including Slack, email (SendGrid), and Google Sheets. This behavior is documented as the core functionality of the skill and includes a mandatory preview and approval step before transmission.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted data from external sources.
      • Ingestion points: Performance metrics and campaign metadata are pulled from third-party analytics platforms (Google Analytics, Google Ads, Meta Ads, etc.) via the performance-monitor.py script.
      • Boundary markers: There are no clear delimiters or instructions to the agent to ignore potentially malicious content embedded in the ingested analytics data (e.g., campaign names containing instructions).
      • Capability inventory: The skill possesses the ability to execute local scripts, read brand configuration files from the home directory, and perform network operations to deliver data to external services.
      • Sanitization: The instructions do not describe any sanitization or validation of the data retrieved from external analytics APIs before it is processed by the report generator.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 1, 2026, 01:18 AM