agent-prompts

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, NO_CODE)
Full Analysis
  • [NO_CODE] (SAFE): The skill consists entirely of markdown files containing text-based prompt templates. There are no executable scripts, binaries, or active configuration files present within the analyzed files.
  • [PROMPT_INJECTION] (MEDIUM): Indirect Prompt Injection Surface. The templates provided in 'references/ai-workflow.md' and 'references/workflow-builder.md' define an attack surface where an agent processes untrusted external data and has access to high-privilege capabilities.
      • Ingestion points: The 'Customer Support AI Agent' and 'Content Summarizer' templates in 'references/ai-workflow.md' specifically ingest data from URLs and emails. The 'Lead Capture' and 'Customer Support' templates in 'references/workflow-builder.md' ingest data from webhooks.
      • Boundary markers: The templates lack explicit delimiters (such as XML tags or triple quotes) and system instructions to ignore embedded commands within the ingested content, increasing the risk that the agent will follow instructions hidden in the data.
      • Capability inventory: The workflows generated by these templates are designed to perform sensitive write operations, including updating CRM databases (HubSpot, Salesforce), sending automated Slack notifications, and drafting/sending email responses.
      • Sanitization: The templates do not include instructions for sanitizing, validating, or filtering the external content before it is processed by the AI model.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 11:24 AM