gtm-cold-email

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes prospect data from external CSV files to generate personalized email sequences, creating an entry point for indirect prompt injection.
  • Ingestion points: Reads data from prospects/*.csv files to populate email hooks and bodies.
  • Boundary markers: No explicit delimiters or boundary instructions are provided to the agent to distinguish between instructions and data during email drafting.
  • Capability inventory: The skill possesses the capability to compose, send, and modify emails via the Gmail API, and write to local logs.
  • Sanitization: No explicit sanitization or validation of the CSV input content is performed before interpolation into prompts.
  • [COMMAND_EXECUTION]: The skill provides instructions for the user to execute shell commands for environment configuration, including gcloud CLI operations, package installation via pip, and running a local Python authentication script (scripts/gmail-auth.py).
  • [DATA_EXFILTRATION]: As part of its intended primary function, the skill transmits data (emails) to external recipient addresses using the Gmail API (a well-known service). It utilizes official Google API endpoints for these operations.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 05:53 PM
Security Audit — agent-trust-hub — gtm-cold-email