lead-scoring-model
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from CRM exports and historical win/loss records without explicit sanitization or boundary markers. Malicious content within these files could attempt to override agent instructions.
  - Ingestion points: CRM exports, win/loss records, sales activity logs.
  - Boundary markers: Absent.
  - Capability inventory: Bash, Write, WebFetch.
  - Sanitization: Absent.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform statistical analysis, data quality audits, and model validation. This involves the agent generating and executing scripts at runtime to calculate correlations, lift, and distribution metrics based on user-provided data.
- [DATA_EXFILTRATION]: The skill handles highly sensitive business information, including CRM records and deal history, while having access to the WebFetch tool. Although no malicious behavior is instructed, the combination of sensitive data access and network capabilities represents a potential exfiltration vector if the agent is influenced by untrusted data content.
Audit Metadata