competitive-intelligence-gathering

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill describes an 'LLM-Enhanced Extraction' architecture in SKILL.md that is susceptible to indirect prompt injection. Untrusted prospect conversation data is interpolated directly into an LLM prompt template via the {format_conversation(conversation)} variable.
      • Ingestion points: Untrusted raw text from prospect messages enters the agent's context.
      • Boundary markers: The prompt template does not utilize delimiters (like XML tags or block markers) or system-level instructions to ignore embedded commands within the conversation text.
      • Capability inventory: The described extraction pipeline triggers automated alerts to internal teams and stores data in a persistent database.
      • Sanitization: No input validation or sanitization logic is present in the provided code snippets to filter or escape malicious instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 05:46 PM