battlecard
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests untrusted data from conversations and the competitive library to generate sales artifacts and emails.
  - Ingestion points: External data enters the agent context via `search_knowledge_base`, `list_findings`, and `get_playbook` tools as seen in Step 2 of the instructions in SKILL.md.
  - Boundary markers: The generated templates in Step 3 (e.g., Mode: Full Battlecard) use standard markdown headers, but do not include explicit instructions for the agent to ignore any embedded directives within the retrieved data.
  - Capability inventory: The skill has the capability to generate content and outreach emails via the `generate_content` and `generate_email` MCP tools.
  - Sanitization: There is no evidence of filtering, escaping, or validation of the retrieved library data before it is processed into the final output.
- [DATA_EXFILTRATION]: The skill accesses internal deal data and conversation transcripts using authorized tools (`list_events`, `list_findings`). No unauthorized network operations or exfiltration to external domains were identified.
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns, external package installations, or dynamic code execution behaviors were found. The skill relies exclusively on defined MCP tools for its functionality.
- [COMMAND_EXECUTION]: No arbitrary command execution or use of subprocesses was detected. All operations are performed through structured tool calls.