lcrm-search
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes Node.js scripts (
scripts/search.mjsandscripts/request.mjs) to perform CRM data lookups. The agent is instructed to execute these scripts with various actions and options based on user queries. - [DATA_EXFILTRATION]: The skill performs network requests to an external domain (
crm.langcore.net) to retrieve CRM data. While this is the intended functionality of the tool, it involves sending user-provided query parameters and an authentication token to a non-whitelisted external service. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from the CRM API (e.g., customer descriptions, business records, or lead notes).
- Ingestion points: Data enters the agent's context through API responses fetched in
scripts/search.mjsandscripts/request.mjs. - Boundary markers: The skill does not implement specific delimiters or warnings to treat fetched CRM content as untrusted data.
- Capability inventory: The skill has the ability to execute shell commands via Node.js scripts and make further network requests.
- Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the CRM before it is presented to the agent.
- [CREDENTIALS_UNSAFE]: The skill requires the
LCRM_API_KEYenvironment variable for authentication. While it does not hardcode secrets, it handles sensitive bearer tokens in theAuthorizationheader during API requests inscripts/lib.mjs.
Audit Metadata