crm-automation
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses an AI scoring model that interpolates external lead data into a natural language prompt. This creates a surface for indirect prompt injection where malicious instructions embedded in lead data (e.g., job titles or company names) could attempt to influence the agent's behavior.
- Ingestion points: Untrusted data enters the agent context through webhooks (form submissions), LinkedIn profile enrichment, and CRM object updates (HubSpot, Salesforce, Pipedrive).
- Boundary markers: The lead scoring prompt snippet
Lead Data: {lead_data}does not utilize delimiters or specific instructions to ignore embedded commands within the variable. - Capability inventory: The skill possesses the capability to modify CRM data, send Slack notifications, and trigger automated email outreach sequences.
- Sanitization: No explicit sanitization or validation of the
{lead_data}content is described before interpolation into the AI scoring prompt.
Audit Metadata