taskflow
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from external sources (Gmail and GitHub). This is a vulnerability surface where malicious content in an email or pull request could attempt to influence agent behavior.
- Ingestion points: Untrusted data is ingested via
gog.gmail.searchinexamples/inbox-triage.lobsterandgh pr listinexamples/pr-intake.lobster. - Boundary markers: The classification prompts used in the examples do not implement explicit delimiters or boundary markers to isolate untrusted input.
- Capability inventory: The skill orchestrates tools with capabilities to send messages (Slack, Telegram) and modify repository state (closing PRs, refactoring branches).
- Sanitization: There is no evidence of sanitization or escaping of the external content before it is interpolated into classification prompts.
Audit Metadata