inbound-lead-qualifier
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted inbound lead data from form fills and demo requests. This creates an indirect prompt injection surface where a malicious lead could attempt to influence the scoring or routing logic through embedded instructions in form fields.
- Ingestion points: Inbound lead data (form fills, demo requests)
- Boundary markers: Absent; no instructions are provided to the agent to distinguish between data and instructions within the input
- Capability inventory: The skill is limited to text generation (analysis, scoring, scripts, and routing briefings)
- Sanitization: Absent; the skill does not specify any validation or filtering of the lead data.
- [No Code] (SAFE): The skill consists entirely of markdown instructions and templates. No scripts, binaries, or command-line operations were detected.
Audit Metadata