inbox-exploration
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it retrieves and summarizes content derived from external sources like error logs, GitHub issues, and customer support tickets.\n
- Ingestion points: Untrusted data enters the context through
inbox-reports-listandinbox-reports-retrievetools, as well as the mentionedsignalsskill tools.\n - Boundary markers: The instructions do not provide explicit delimiters or warnings to separate external content from the agent's instructions, increasing the risk of the agent following embedded commands.\n
- Capability inventory: The skill's capabilities are restricted to read-only API calls and database queries. It does not include tools for file modification, network exfiltration to third-party domains, or subprocess execution.\n
- Sanitization: There is no description of sanitization or validation performed on the retrieved report text before it is summarized for the user.\n- [SAFE]: All network references and deep-links point to official 'posthog.com' domains, which align with the skill's stated vendor and purpose.\n- [SAFE]: The skill exclusively employs read-only tools and explicitly states that integration credentials are not accessible through the provided configuration data.
Audit Metadata