call-prep
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [Data Exposure] (LOW): The skill is designed to ingest highly sensitive information from connected tools including CRMs, email threads, internal chat history, and meeting recordings.
  - Evidence: SKILL.md explicitly lists capabilities to pull 'account history, contacts, opportunities', 'recent threads', and 'internal discussions' from platforms like Salesforce, HubSpot, and Slack.
  - Risk: While no unauthorized external exfiltration was detected, the aggregation of this data into a single AI context increases the impact of any potential session compromise.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted external data which could contain malicious instructions.
  - Ingestion points: Web search results for company news and funding announcements, as well as attendee LinkedIn profiles (SKILL.md Step 2).
  - Boundary markers: Absent; the skill does not define clear delimiters or instructions to ignore embedded commands in the researched text.
  - Capability inventory: Read access to CRM, Email, Chat, and Calendar; interpolation of research data into a synthesized prep brief (SKILL.md Step 3).
  - Sanitization: Absent; the skill directly incorporates found news items and background info into the output brief.
- [Metadata Analysis] (SAFE): The skill metadata (name, description, author) is consistent with the functionality and contains no deceptive instructions.
Audit Metadata