inbound-lead-qualifier-skill
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted lead data (form fills, engagement history) which is used to generate outreach content and routing logic. There are no boundary markers or sanitization steps mentioned, making it vulnerable to malicious instructions embedded within the lead data. * Ingestion points: form data and engagement history. * Boundary markers: Absent. * Capability inventory: File-write capability to local analytics folder. * Sanitization: Absent.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The workflow concludes with an instruction to write a JSON sidecar containing lead metrics and session IDs to a local path (
~/.claude/skill-analytics/). This automated writing of processed data to the filesystem occurs without explicit user verification or sanitization of the values being written.
Audit Metadata