sdr-email-sms-playbook
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill directs the agent to write a JSON outcome file to
~/.claude/skill-analytics/last-outcome-sdr-email-sms-playbook.json. Writing to hidden configuration directories outside the project root can be used to store or harvest session-related data and may circumvent standard file system boundaries. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by interpolating untrusted data into its outputs.
- Ingestion points: Prospect and organization details (e.g.,
[Org Name],[First Name]) provided by the user are used to fill templates inSKILL.md. - Boundary markers: Absent; the skill uses plain text placeholders without delimiters to separate instructions from data.
- Capability inventory: The skill includes file-writing capabilities to the local file system.
- Sanitization: No validation or filtering of user-supplied strings is performed before they are placed into email drafts or the telemetry JSON file.
Audit Metadata