gtm-warm-intro
Warn
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses the file path
${CURSOR_PLUGIN_ROOT}/.gtm-state/gmail-token.json, which contains sensitive authentication credentials. Accessing token files for email automation represents a significant data exposure risk if the environment is not secured. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its reliance on external data inputs.
- Ingestion points: Processes data from
prospects/*.csvandlinkedin-connections.csv(SKILL.md). - Boundary markers: The instructions do not define clear boundaries or 'ignore' instructions for content retrieved from these files.
- Capability inventory: The skill possesses the ability to read and write files (
outreach-log/) and send communications via the Gmail API (SKILL.md). - Sanitization: The skill lacks mechanisms to sanitize or validate strings from the CSV files before including them in drafted outreach messages.
Audit Metadata