inbox
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes several local Python scripts included in its package to manage session state, analyze email samples, and validate the integrity of the knowledge base. For example, `section_progress_tracker.py` persists onboarding state in a session directory, and `draft_safety_validator.py` performs a deterministic post-run scan of tool logs to verify that no 'send' operations were triggered.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes untrusted data from external email search results.
  - Ingestion points: External email content retrieved during the triage phase.
  - Boundary markers: No explicit delimiters or 'ignore' instructions are defined for the retrieval of email content in the search step.
  - Capability inventory: The skill can update its local knowledge base files and create email drafts in the user's mail client.
  - Sanitization: No automated sanitization is performed on email bodies, though the 'drafts-only' policy and human-review requirement effectively mitigate the risk of autonomous malicious actions.
Audit Metadata