lead-import
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8).
- Ingestion points: The skill ingests untrusted data from user-provided CSV file paths, JSON arrays, and manual field entries during the 'Parse and validate lead data' step.
- Boundary markers: There are no explicit instructions to use delimiters or 'ignore embedded instructions' when processing the record content.
- Capability inventory: The skill has significant capabilities including writing to the local filesystem (~/.claude-marketing/brands/{slug}/logs/lead-import-log.json), querying and writing to a CRM via the CRM MCP, and triggering external communications via the email-specialist/email platform MCP.
- Sanitization: While step 2 performs format validation (RFC 5322, E.164), it does not explicitly sanitize for natural language instructions that might be embedded in fields like 'job title', 'company', or 'custom fields' which are then processed by the agent during scoring and payload preparation.
Audit Metadata