company-people-list
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection by design.
- Ingestion points: The workflow involves reading email history via Gmail (
gmail_read_thread) and meeting notes via Granola (get_meetings). - Boundary markers: There are no defined delimiters or specific instructions for the agent to ignore or isolate potential commands embedded within the external communication data.
- Capability inventory: The agent has permissions to write files to the local workspace (CSV generation) and create records/notes in the Attio CRM (
create-note). - Sanitization: The instructions do not specify any sanitization or validation steps for the content retrieved from external threads before it is processed or stored in the CRM.
- [DATA_EXFILTRATION]: The skill aggregates high-sensitivity information from private sources (Gmail threads and Granola meeting transcripts) and processes it through multiple third-party services, including the vendor-owned Extruct platform and Attio CRM. While this reflects the primary purpose of the skill, it involves the movement of sensitive communication data across different service providers.
Audit Metadata