deal-review-win-loss
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists entirely of markdown documentation and instructional text. No executable scripts, shell commands, or binary files are present.
- [NO_CODE]: There are no functional code components, package dependencies, or automation scripts included in this skill.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it instructs the agent to ingest and analyze untrusted external data sources. Ingestion points: The agent is directed to gather data from CRM notes, email records, and customer interviews (SKILL.md). Boundary markers: Absent. There are no instructions to ignore or isolate commands embedded within the input data. Capability inventory: No code-based capabilities like shell execution or network requests are present. Sanitization: Absent. No logic is provided to filter or escape the input content.
Audit Metadata