sanity-check
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill performs HTTP POST requests to
crm.psquared.devandnotifications.psquared.dev. These endpoints are used to query CRM data and trigger configuration checks on demo agents. This behavior is consistent with the skill's stated purpose and targets the developer's own infrastructure. - [DATA_EXPOSURE]: The skill reads the local
.envfile to retrieve authentication tokens (EMAIL_DRAFT_ONLY_BEARERandPSQUARED_CRM_TOKEN). Accessing environment files for specific service tokens is a standard practice for local agent integrations and does not indicate malicious intent in this context. - [INDIRECT_PROMPT_INJECTION]: The skill processes structured data (JSON and GraphQL responses) from external APIs, which represents a potential injection surface.
- Ingestion points: API responses from
crm.psquared.devandnotifications.psquared.devcontaining company names and status messages (SKILL.md). - Boundary markers: Absent; the skill does not wrap the external content in specific delimiters.
- Capability inventory: File system read access (to
.env) and outbound network requests (SKILL.md). - Sanitization: No explicit sanitization or validation of the API data is mentioned before it is reported to the user.
Audit Metadata