crm-sync
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local script crm-sync.py to manage CRM interactions, status checks, and data deduplication logic.
- [DATA_EXPOSURE]: Accesses brand profiles, compliance rules, and audit logs stored within the ~/.claude-marketing/ directory to maintain operational context and regulatory alignment.
- [INDIRECT_PROMPT_INJECTION]: The skill features a data ingestion surface through external CRM records and user-provided files (CSV/JSON).
  - Ingestion points: CRM platforms (Salesforce, HubSpot, etc.) and file imports (Step 3).
  - Boundary markers: None explicitly defined to isolate data from instructions.
  - Capability inventory: Execution of crm-sync.py, file system writes for logging, and network operations via CRM MCP.
  - Sanitization: Validation of email (RFC 5322) and phone (E.164) formats is performed before processing.
- [SAFE]: Implements a mandatory approval gate (Step 8) before executing any data writes and maintains a rollback manifest to ensure data integrity.
Audit Metadata