client-health-dashboard
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks by ingesting data from external, untrusted sources.
- Ingestion points: Untrusted data is retrieved from Gmail messages via mcp__claude_ai_Gmail__gmail_search_messages, Slack messages via mcp__claude_ai_Slack__slack_search_public_and_private, and local files identified via the Glob tool in Phase 1 of SKILL.md.
- Boundary markers: The instructions do not define delimiters or clear boundary markers to isolate retrieved data from system instructions, which could allow malicious content embedded in messages or files to influence the agent's behavior.
- Capability inventory: The agent is authorized to use high-impact tools including Bash, Write, and WebFetch as listed in SKILL.md, which could be exploited if an indirect injection succeeds.
- Sanitization: There is no mention of sanitizing, escaping, or validating content retrieved from external communication sources before it is processed for sentiment analysis or health scoring.
- Data Access: The skill accesses highly sensitive business information including CRM records (MRR, deals, contacts), billing history, and private communications, which forms the core data set vulnerable to potential manipulation.
Audit Metadata