Lead Processor
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions direct the agent to access
config/accounts.json, a configuration file likely containing sensitive authentication credentials for email accounts. Accessing such configuration files is a sensitive operation.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing untrusted data from external sources (emails).\n - Ingestion points: Incoming emails fetched from IMAP mailboxes as described in the triage section of SKILL.md.\n
- Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from being influenced by malicious instructions embedded within the body of a processed email.\n
- Capability inventory: The agent can move emails between folders, create drafts in mailboxes, send emails via SMTP (following a keyword confirmation), and update records in an external CRM system (SKILL.md).\n
- Sanitization: There is no evidence of sanitization, filtering, or validation of the email content before it is summarized, translated, or used to update the CRM database.
Audit Metadata