Pipedrive Automation
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE [PROMPT_INJECTION] [NO_CODE]
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by retrieving data from Pipedrive records and embedding it in communications.
  - Ingestion points: Data enters the agent context from Pipedrive deals, organizations, and persons via the `crm-mcp` tools.
  - Boundary markers: No delimiters (such as XML tags or explicit escaping) are used in email templates or Slack message configurations to isolate interpolated fields like `{{company_insight}}` or `{{deal.title}}`.
  - Capability inventory: The skill possesses the capability to send emails and post to Slack channels, which could be leveraged if malicious instructions are stored in CRM fields.
  - Sanitization: No input validation or content filtering is specified for the CRM data before it is processed.
- [NO_CODE]: This skill definition is provided entirely in Markdown and YAML format within the SKILL.md file and does not include any standalone executable scripts for analysis.
Audit Metadata