sales-qwilr-automation
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with the official Qwilr REST API (api.qwilr.com) and references standard developer documentation (developers.qwilr.com) to facilitate the intended automation functions.
- [COMMAND_EXECUTION]: Provides standard curl command examples for API interaction and includes an instruction for using a platform-specific CLI tool to install related vendor skills.
- [DATA_EXFILTRATION]: Outlines the transfer of CRM data to the Qwilr service for the purpose of generating sales proposals, which is the primary stated functionality of the skill.
- [PROMPT_INJECTION]: The skill contains a potential surface for indirect prompt injection through the processing of external CRM data (such as company names and contact details) into template tokens.
- Ingestion points: Data fields from HubSpot, Salesforce, and Pipedrive opportunity and contact records.
- Boundary markers: Employs the
{{token_name}}syntax to delimit where CRM data is inserted into Qwilr templates. - Capability inventory: Utilizes API calls to create pages and manage webhooks on the Qwilr platform.
- Sanitization: The instructions focus on mapping logic and do not include specific sanitization or escaping protocols for the ingested data.
Audit Metadata