setup-email-drafts

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands using curl to perform GraphQL queries and mutations on the CRM (crm.psquared.dev) and to create email drafts via a notification service (notifications.psquared.dev). These commands use interpolated variables for tokens and record IDs.
  • [DATA_EXFILTRATION]: The skill accesses sensitive credentials (PSQUARED_CRM_TOKEN, EMAIL_DRAFT_ONLY_BEARER) from a .env file. These tokens are transmitted in HTTP headers to external endpoints. Although these endpoints are associated with the skill's author (psquared.dev), this represents a flow of sensitive authentication data.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of external data.
      • Ingestion points: Data such as company names, opportunity names, and contact information are fetched from the CRM in Steps 1, 2, and 4c of SKILL.md.
      • Boundary markers: None identified. CRM data is used directly in the context of generating email drafts.
      • Capability inventory: The skill has the ability to execute shell commands (curl) and read local files (.env).
      • Sanitization: There is no explicit sanitization or validation of the data retrieved from the CRM before it is used to influence the agent's text generation tasks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 27, 2026, 01:03 PM