inbound-lead-qualification
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill architecture is vulnerable to indirect prompt injection due to its processing of external, untrusted data.
- Ingestion points: The skill ingests untrusted data from multiple sources in SKILL.md, including raw lead lists and CRM exports (Step 1), and user-provided context such as demo request messages and chat transcripts (Step 5).
- Boundary markers: There are no instructions or patterns provided to wrap external content in delimiters or include warnings for the agent to ignore embedded instructions within the processed lead data.
- Capability inventory: The skill leverages sensitive capabilities including web-search, contact-enrichment, and crm-lookup, and it performs file write operations to store results in CSV format (Step 7).
- Sanitization: No sanitization, validation, or escaping mechanisms are described for the data being interpolated into the qualification and scoring logic.
Audit Metadata