sales-playbook
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted data from the web. 1. Ingestion points: WebSearch and WebFetch tools are used in SKILL.md to research competitors on G2, Capterra, and Reddit. 2. Boundary markers: Absent; there are no instructions to the agent to ignore or delimit potentially malicious instructions found in the retrieved web content. 3. Capability inventory: The skill has Write and Edit tools enabled in SKILL.md, which could be exploited if an attacker successfully injects instructions. 4. Sanitization: Absent; external content is processed directly to generate sales playbooks.
- [DATA_EXFILTRATION] (LOW): The skill performs network operations to non-whitelisted domains such as G2 and Reddit via the WebSearch and WebFetch tools.
Audit Metadata