custom-field-population
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill describes an architecture for extracting data from user conversations using an LLM. The example prompt template for extract_with_llm does not use explicit boundary markers to delimit untrusted conversation text from the instructions, creating a surface for indirect prompt injection where a user might attempt to manipulate CRM updates. However, the skill incorporates design patterns to mitigate this, including confidence-based filtering and human verification steps.
  - Ingestion points: conversation data processed in SKILL.md.
  - Boundary markers: Absent in the illustrative LLM prompt template.
  - Capability inventory: Includes logic for crm_client.update to modify CRM records.
  - Sanitization: Employs CONFIDENCE_THRESHOLDS and should_update validation logic to ensure data quality and prevent unintended overwrites.
Audit Metadata