Skills
skills/psquared-development/psquared-skills/check-outreach-status/Gen Agent Trust Hub

check-outreach-status

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl to perform network operations against the author's CRM and notification services (crm.psquared.dev and notifications.psquared.dev). These operations are consistent with the skill's stated purpose of monitoring outreach status.
  • [DATA_EXPOSURE]: The skill instructions direct the agent to read the .env file to retrieve necessary API tokens (PSQUARED_CRM_TOKEN and EMAIL_DRAFT_ONLY_BEARER). This is a standard practice for managing credentials required for the skill's integration with external services.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data from the CRM GraphQL API. While this introduces an ingestion point for external content, the risk is mitigated as the skill lacks high-privilege capabilities such as file system writes or arbitrary code execution, and primarily uses the data for status reporting and conditional checks within the vendor's environment.
  • Ingestion points: CRM GraphQL API response (SKILL.md).
  • Boundary markers: Absent.
  • Capability inventory: Network read/write via curl to vendor-owned domains.
  • Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 01:03 PM
Security Audit — agent-trust-hub — check-outreach-status