pipeline-review
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installation utilizes
npx goose-skills, which downloads the necessary packages from the standard ecosystem registry. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection (Category 8) due to its core functionality of ingesting and analyzing data from external sources.
- Ingestion points: The skill pulls deal and meeting data from external systems including Salesforce, HubSpot, Pipedrive, Supabase, and local CSV files (SKILL.md, Step 1).
- Boundary markers: The instructions do not specify the use of clear delimiters or 'ignore embedded instructions' prompts when interpolating external CRM data into the analysis process.
- Capability inventory: The skill has the ability to write files to the local directory and push data to external services such as Slack, Notion, and Email (SKILL.md, Step 4).
- Sanitization: No data validation or sanitization steps are defined for the incoming CRM data before it is processed by the agent.
Audit Metadata