insights
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data processing flow.
- Ingestion points: Untrusted data enters the agent context via call transcripts and email contents retrieved through
list_eventsandget_event_detailas specified in Step 2 and Step 4 of SKILL.md. - Boundary markers: The instructions do not define delimiters or provide specific warnings to the agent to ignore instructions embedded within the conversation transcripts.
- Capability inventory: The skill is granted the capability to modify organizational knowledge via the
update_entitytool, which can overwrite personas and playbooks based on processed insights (Step 5). - Sanitization: There is no evidence of content sanitization, escaping, or validation of the retrieved transcript data before it is interpolated into the reasoning process for library updates.
Audit Metadata