spark-recipe-unsubscribe-audit

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it processes untrusted data from email bodies and headers.
  • Ingestion points: The skill reads external data using spark emails and spark thread commands across multiple steps (SKILL.md).
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore embedded commands within the email content during the extraction or reading process.
  • Capability inventory: The agent has the ability to execute shell commands (spark, grep), write to the local filesystem (/tmp), and perform browser-based actions.
  • Sanitization: The skill includes a 'Phishing tripwire' logic to identify suspicious domains and explicitly requires user confirmation ('wait for the user to confirm or amend the list') before executing unsubscribes, which serves as a significant manual mitigation.
  • [COMMAND_EXECUTION]: The skill relies on the spark CLI tool for its primary operations, including scanning email pools, unsubscribing, and blocking contacts. It also utilizes standard shell redirection and grep to extract links from temporary files created in /tmp.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 04:43 PM
Security Audit — agent-trust-hub — spark-recipe-unsubscribe-audit