win-loss-reason-extraction
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external sales conversations to extract outcomes. This creates a surface for indirect prompt injection where an individual (e.g., a prospect) could attempt to manipulate the analysis or CRM records by embedding malicious instructions within the conversation text.
- Ingestion points: Untrusted conversation data enters the system through the
extract_reasons_from_conversationandextract_reasons_with_llmfunctions inSKILL.md. - Boundary markers: The prompt template used in
extract_reasons_with_llmdoes not employ clear delimiters (such as triple backticks or XML tags) or system instructions to disregard commands embedded within the variable{format_conversation(conversation)}. - Capability inventory: The skill possesses the capability to write directly to external systems via the
update_crm_with_reasonsfunction, which maps extracted data to CRM fields. - Sanitization: There is no evidence of text sanitization, input validation, or filtering of the conversation content prior to LLM processing or CRM submission.
Audit Metadata