multi-brand-router

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection within its AI Classification fallback section.
    • Ingestion points: External lead data including 'name', 'email', 'message', 'source', and 'location' (specified in the n8n sub-workflow input) is ingested into the agent context.
    • Boundary markers: The AI prompt template lacks delimiters or specific instructions to treat the lead data as untrusted content, allowing potential instructions within a lead message to influence the classifier.
    • Capability inventory: The skill has the capability to update CRM records and manage list entries using Attio MCP tools.
    • Sanitization: No sanitization, escaping, or validation logic is applied to the untrusted lead fields before they are interpolated into the AI prompt template.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 05:28 PM