deal-momentum-analyzer
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation describes establishing persistence on macOS systems by creating a launchd agent at '~/Library/LaunchAgents/com.tim.deal-momentum.plist'. This configuration allows the skill's logic to execute automatically and maintain a persistent presence across user sessions.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it ingests and processes untrusted data from external CRM records.
- Ingestion points: The 'ask_agent' tool is used to retrieve activity history, call notes, and engagement data from HubSpot (SKILL.md).
- Boundary markers: Absent; the workflow does not define delimiters or instructions for the agent to ignore potentially malicious instructions embedded in the CRM data.
- Capability inventory: The skill has the ability to perform 'gmail_create_draft', 'gcal_create_event', and 'apollo_mixed_people_api_search' (SKILL.md), which could be triggered or manipulated by poisoned data.
- Sanitization: Absent; the instructions do not include any validation or filtering steps for the content retrieved from the CRM before it influences the action-engine or drafting logic.
Audit Metadata