deal-reengagement
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill aggregates highly sensitive information from several sources including Gmail history, meeting transcripts from Granola, and CRM data from Attio.
- It snapshots commercial data (such as pricing and proposals) and PII to local storage within the
revops/customers/directory. - Although no network exfiltration to unauthorized domains was detected, the persistence of aggregated sensitive data to the local file system increases the impact of a potential local security compromise.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted content from external communications without sufficient isolation.
- Ingestion points: Raw email content retrieved via
gmail_read_threadand meeting transcripts fetched viaget_meeting_transcript(SKILL.md). - Boundary markers: The workflow lacks specific delimiters or instructions that would prevent the agent from interpreting instructions embedded within the emails or transcripts.
- Capability inventory: The skill has powerful write capabilities, including local file system writes and the ability to create email drafts using
gmail_create_draft. - Sanitization: There is no evidence of filtering or sanitization performed on external inputs before they are included in the prompt context or stored locally.
Audit Metadata