lcrm-deal-closer
Warn
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs shell commands using string interpolation of user-supplied variables, such as
<客户名>and<customerId>, within thenode scripts/search.mjsexecution path. This pattern poses a risk of shell command injection if the execution environment does not adequately escape or sanitize these inputs before they are passed to the system shell. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from an external CRM system to generate sales strategies.
- Ingestion points: Customer business records and follow-up history retrieved via
scripts/search.mjs. - Boundary markers: Absent. The instructions do not define delimiters or provide 'ignore instructions' directives for the data processed from the CRM.
- Capability inventory: The skill has the ability to execute subprocesses via
node scripts/search.mjsto interact with local scripts. - Sanitization: Absent. There is no evidence of content validation or sanitization for the business records before they are used to influence the agent's strategic output.
Audit Metadata