attio-crm
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits CRM data and authentication headers to the official Attio API domain (api.attio.com). This behavior is documented and necessary for the skill's functionality.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it processes content from an external source (Attio CRM) that may contain untrusted instructions. 1. Ingestion points: Data is retrieved through the 'get_company', 'search_companies', and 'list_notes' methods in 'scripts/attio_api.py'. 2. Boundary markers: The skill does not implement delimiters or 'ignore' instructions to wrap external data when it is passed to the agent context. 3. Capability inventory: The skill possesses capabilities to create and update records within the CRM. 4. Sanitization: There is no evidence of sanitization or content validation for data retrieved from the CRM API.
Audit Metadata