check-demo-analytics

Warn

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill reads and sources a .env file from the local directory to extract sensitive credentials, specifically CRM_TOKEN_VAR and ACKEE_TOKEN_VAR. Accessing .env files is a high-risk activity as they often contain broad environment secrets.
  • [COMMAND_EXECUTION]: The skill uses curl to perform POST requests to external endpoints. While this is necessary for its functionality, commands built directly from environment variables can be abused if those variables are manipulated.
  • [PROMPT_INJECTION]: The skill processes data from external APIs and interpolates it into a final report without sanitization, creating an indirect prompt injection surface.
      • Ingestion points: Data enters the context via Ackee and CRM GraphQL responses in Step 1 and Step 2.
      • Boundary markers: The reporting template in Step 4 does not use delimiters or instructions to ignore instructions embedded in the data.
      • Capability inventory: The skill has the ability to execute network commands via curl based on retrieved data patterns.
      • Sanitization: There is no evidence of filtering or validation of the company names or opportunity details retrieved from the CRM before display.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 18, 2026, 05:48 PM