account-handover

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the query-run MCP tool to execute SQL queries on internal PostgreSQL databases (postgres.prod.billing_usagereport) to retrieve usage metrics and billing trends.
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection by ingesting unstructured data from customer communications.
    • Ingestion points: The skill reads external account notes and conversation logs via the vitally:get_account_notes and vitally:get_account_conversations tools.
    • Boundary markers: There are no explicit delimiters or instructions within the skill logic to prevent the agent from following commands embedded within the retrieved notes.
    • Capability inventory: The skill has access to internal usage databases through SQL execution and the Vitally CRM API.
    • Sanitization: No sanitization, escaping, or validation logic is present to process the external text before it is included in the final handover document.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 11:45 AM