clay-core-workflow-a
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill instructions follow standard procedures for API integration and data processing.
- [PROMPT_INJECTION]: The skill processes external data from CSVs and API responses, representing a surface for indirect prompt injection. This behavior is central to the skill's primary function of data enrichment.
- Ingestion points: CSV uploads and API records (SKILL.md, Step 2).
- Boundary markers: None identified within the provided instructions.
- Capability inventory:
Bash(npm:*),Read,Write,Edit, andGreptools (SKILL.md frontmatter). - Sanitization: No explicit sanitization or validation steps for incoming data are described in the workflow.
Audit Metadata