inbound-lead-qualification
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and analyzes untrusted data from demo requests and chatbot conversations to infer intent and implementation feasibility.
- Ingestion points: Lead data provided via
inbound-lead-data, demo request messages, and chatbot logs in Step 5. - Boundary markers: None specified to prevent the model from following instructions embedded within the lead's messages.
- Capability inventory: The skill possesses
web-search,crm-lookup, and the ability to read/write files to the local system. - Sanitization: There are no documented steps for sanitizing or escaping the text of lead requests before they are processed by the qualification logic.
Audit Metadata