contact-manager
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script at
scripts/email/contact-normalizer.pyusing theuvtool. This script is responsible for the normalization and classification logic described in the skill instructions. - [PROMPT_INJECTION]: The skill exhibits a potential attack surface for indirect prompt injection because it processes external data from CSV and markdown files that could contain malicious instructions.
- Ingestion points: External contact exports located in
aceengineer-admin/admin/contacts/andsabithaandkrishnaestates/admin/contacts/are parsed and processed by the agent. - Boundary markers: None; the skill does not specify any delimiters or directives to ignore instructions that may be embedded within the data fields of the imported contact files.
- Capability inventory: The agent has the capability to execute shell commands and run local scripts (
uv run) to process these files. - Sanitization: Although the skill uses regex to filter for spam and malformed email patterns, it lacks validation or sanitization designed to neutralize potential prompt injection attacks contained within the data fields.
Audit Metadata