data-sync
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill scaffolds a data ingestion pipeline that fetches records from external CRMs and databases for processing by AI models. This creates a surface for indirect prompt injection if the source data contains adversarial instructions. \n
- Ingestion points: Data retrieval logic in
src/sync.ts,templates/hubspot.md,templates/salesforce.md, andtemplates/postgres.md. \n - Boundary markers: Absent. The provided templates do not include delimiters or specific safety instructions to isolate untrusted data during AI extraction. \n
- Capability inventory: The integration scripts have network access (via SDK clients) and file system access (for local sync state). \n
- Sanitization: While SQL queries are secured via parameterization, there is no content-level sanitization for the record data processed for memory extraction. \n- [EXTERNAL_DOWNLOADS]: The skill guides the user to install several packages from the NPM registry, including the vendor's SDK and well-known integration clients for HubSpot, Salesforce, and Postgres. \n- [COMMAND_EXECUTION]: Documentation includes standard CLI instructions for project initialization, build steps, and running the synchronization scripts. \n- [DATA_EXFILTRATION]: The primary purpose of the skill is to transfer records from external systems to the Personize platform. This data movement is documented and performed over authenticated channels to vendor-owned infrastructure.
Audit Metadata