close-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted data from the Close CRM API. Ingestion points: Data enters the agent context through SMS message content (
CLOSE_CREATE_SMS), lead notes (CLOSE_GET_NOTE), and custom field values (CLOSE_CREATE_LEAD). Boundary markers: Absent. The instructions do not specify any delimiters or warnings to the agent regarding embedded instructions in the CRM data. Capability inventory: The skill utilizes tools with write and delete capabilities in the CRM environment, such asCLOSE_CREATE_LEAD,CLOSE_CREATE_CALL, andCLOSE_DELETE_CALL. Sanitization: Absent. No input validation or escaping logic is defined for the external data being processed. - External Downloads (LOW): The skill requires connecting to an external MCP server (
https://rube.app/mcp) which is not on the list of trusted providers. - No Code (SAFE): The skill does not provide any executable code or scripts, reducing the direct attack surface.
Audit Metadata