case-study-publisher
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a strict human-in-the-loop security model. It is explicitly instructed to show previews of all content and wait for user confirmation before submitting any forms, sending Slack messages, or finalizing drafts.
- [SAFE]: A pre-flight security check is performed by querying a 'no-fly-list' marketing reference to prevent the public disclosure of customers who have not consented to being featured, ensuring privacy and compliance.
- [COMMAND_EXECUTION]: The skill uses browser automation tools (javascript_tool, form_input) to interact with platforms like Google Workspace and the AWS Partner Portal. These interactions are constrained to pre-defined workflows and utilize execution patterns (such as dual-listbox manipulation) sourced from internal configuration.
- [PROMPT_INJECTION]: Analysis of the potential indirect prompt injection surface when processing user intake data:
  - Ingestion points: Ingests user-filled intake forms based on the assets/intake-template.md template.
  - Boundary markers: None explicitly defined in the instructions for delimiting the parsed intake fields.
  - Capability inventory: Browser automation (javascript_tool, form_input, tabs_context_mcp) and internal communication via Slack tools.
  - Sanitization: No specific sanitization or validation of ingested text fields is described.
  - Conclusion: While the ingestion of untrusted data constitutes a surface area, the risk is mitigated by the mandatory human review and approval process required before every state-changing operation.
Audit Metadata