posthog-inbound-leads
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from Salesforce lead fields and email bodies. This data is used to determine business logic and drive tool interactions. * Ingestion points: Lead context including Salesforce fields, email bodies, and notes provided by the user (SKILL.md). * Boundary markers: No explicit delimiters or instructions are present to separate untrusted lead content from agent instructions. * Capability inventory: The agent has access to 'vitally:search_users', 'vitally:get_account_full', 'web_fetch', and 'web_search' (SKILL.md). * Sanitization: There is no evidence of sanitization, validation, or escaping of ingested lead data before it influences agent reasoning or tool parameter selection.
Audit Metadata