CRM Manager
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection because it processes data from
crm.csvwithout using boundary markers or sanitization. Since the agent can write to files and make decisions based on this data, an attacker could embed malicious instructions in CSV fields (like notes or names) to hijack agent behavior. (Evidence: Ingestion points:crm.csvin SKILL.md; Boundary markers: Absent; Capability inventory: File read/write, backup creation, and decision-making; Sanitization: Absent). - EXTERNAL_DOWNLOADS (MEDIUM): The skill documentation promotes several unverified third-party skills and directs users to install them using
clawhub install. These packages and the installer originate from an untrusted external source (afrexai-cto.github.io) not listed in the Trusted External Sources.
Recommendations
- AI detected serious security threats
Audit Metadata