follow-up-sequences
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted external data within its message generation prompts.
- Ingestion points: Lead data is ingested from the Attio CRM, including fields like 'firstName', 'lastName', 'role', 'industry', and 'interaction_summary'.
- Boundary markers: The 'Context-Aware Prompt' section does not use delimiters or instructions to ignore potential commands embedded in the lead data variables.
- Capability inventory: The skill has the capability to send generated content to external parties via the Smartlead API (email), WhatsApp Business API, and Telegram Bot API.
- Sanitization: There is no evidence of input validation or sanitization of lead-provided strings before they are interpolated into the prompt template.
Audit Metadata