list-building
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The workflow for company qualification is vulnerable to indirect prompt injection from external web content. * Ingestion points: Untrusted website data is stored in the company_summary variable in list-building/resources/templates/beginner-workflow.md (Step 5 and 6). * Boundary markers: The prompt templates lack delimiters (e.g., XML tags or triple quotes) or 'ignore embedded instructions' warnings to isolate untrusted content from system instructions. * Capability inventory: The AI classification result directly triggers automated lead processing (Push to Sequencer), enabling external content to potentially influence agent behavior and campaign routing. * Sanitization: Scraped content is interpolated into the prompts for GPT-4 mini and Claude 3.5 Sonnet without any filtering, validation, or sanitization.
Audit Metadata