disqualification-handling
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external, untrusted lead data (such as names and company descriptions) and interpolating these strings directly into email templates in Step 2.
- Ingestion points: Lead data is received from the 'disqualified-leads' requirement as described in SKILL.md.
- Boundary markers: The skill does not define explicit delimiters or instructions to the model to ignore potential commands embedded within the lead data fields.
- Capability inventory: The skill utilizes 'email-drafting' capabilities and possesses write access to CRM tools and the local file system (e.g., CSV exports and client configurations).
- Sanitization: No sanitization, escaping, or validation steps are documented for the lead-provided content before it is processed by the drafting logic.
Audit Metadata