sales-performance-review
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from external sources including CRM systems, outreach platforms, and spreadsheets, creating an indirect prompt injection surface. Ingestion points include CRM deal records and outreach campaign replies. Boundary markers are not explicitly defined in the prompt logic. The capability inventory includes data analysis, reporting, and exporting to Notion or Google Slides. Sanitization or validation steps for external data are not specified.
- [DATA_EXFILTRATION]: The skill handles sensitive business data, including pipeline metrics and revenue figures, retrieved from external services. This data can be exported to platforms like Notion or Google Slides.
- [EXTERNAL_DOWNLOADS]: The installation process uses npx to retrieve components from the npm registry.
- [COMMAND_EXECUTION]: The skill's installation metadata includes an npx command to execute the skill installer.
Audit Metadata