gtm-cold-email
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes prospect data from external CSV files to generate personalized email sequences, creating an entry point for indirect prompt injection.
- Ingestion points: Reads data from
prospects/*.csvfiles to populate email hooks and bodies. - Boundary markers: No explicit delimiters or boundary instructions are provided to the agent to distinguish between instructions and data during email drafting.
- Capability inventory: The skill possesses the capability to compose, send, and modify emails via the Gmail API, and write to local logs.
- Sanitization: No explicit sanitization or validation of the CSV input content is performed before interpolation into prompts.
- [COMMAND_EXECUTION]: The skill provides instructions for the user to execute shell commands for environment configuration, including
gcloudCLI operations, package installation viapip, and running a local Python authentication script (scripts/gmail-auth.py). - [DATA_EXFILTRATION]: As part of its intended primary function, the skill transmits data (emails) to external recipient addresses using the Gmail API (a well-known service). It utilizes official Google API endpoints for these operations.
Audit Metadata