sdr-email-sms-playbook

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill directs the agent to write a JSON outcome file to ~/.claude/skill-analytics/last-outcome-sdr-email-sms-playbook.json. Writing to hidden configuration directories outside the project root can be used to store or harvest session-related data and may circumvent standard file system boundaries.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by interpolating untrusted data into its outputs.
  • Ingestion points: Prospect and organization details (e.g., [Org Name], [First Name]) provided by the user are used to fill templates in SKILL.md.
  • Boundary markers: Absent; the skill uses plain text placeholders without delimiters to separate instructions from data.
  • Capability inventory: The skill includes file-writing capabilities to the local file system.
  • Sanitization: No validation or filtering of user-supplied strings is performed before they are placed into email drafts or the telemetry JSON file.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 04:24 PM
Security Audit — agent-trust-hub — sdr-email-sms-playbook