gtm-warm-intro

Warn

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses the file path ${CURSOR_PLUGIN_ROOT}/.gtm-state/gmail-token.json, which contains sensitive authentication credentials. Accessing token files for email automation represents a significant data exposure risk if the environment is not secured.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its reliance on external data inputs.
  • Ingestion points: Processes data from prospects/*.csv and linkedin-connections.csv (SKILL.md).
  • Boundary markers: The instructions do not define clear boundaries or 'ignore' instructions for content retrieved from these files.
  • Capability inventory: The skill possesses the ability to read and write files (outreach-log/) and send communications via the Gmail API (SKILL.md).
  • Sanitization: The skill lacks mechanisms to sanitize or validate strings from the CSV files before including them in drafted outreach messages.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 3, 2026, 05:53 PM
Security Audit — agent-trust-hub — gtm-warm-intro