inbound-lead-triage
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a legitimate business workflow for lead management and prioritization.
- [COMMAND_EXECUTION]: The skill documentation mentions the use of various CLI tools and APIs such as HubSpot, Salesforce, Apollo, Supabase, and gcalcli for lead collection and enrichment. These are standard integrations for the intended business functionality.
- [DATA_EXFILTRATION]: The skill processes lead data and saves results to a local CSV file within the client directory. It does not exhibit patterns of exfiltrating sensitive information to unauthorized external domains.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes untrusted inbound lead data (form messages, chat transcripts). However, the inclusion of a mandatory human review step ('Human Checkpoint') and the generation of outreach as drafts for user approval significantly mitigates this risk.
Audit Metadata