meddic-call-prep-auto
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the processing of untrusted data from multiple external ingestion points.
- Ingestion points: Untrusted content is retrieved from HubSpot deal notes (
hubspot_get_deal), Google Calendar event descriptions (gcal_get_event), and CRM activity logs via theask_agenttool. - Boundary markers: The skill workflow lacks explicit delimiters or instructions to ignore embedded commands within the interpolated external data.
- Capability inventory: The skill possesses significant capabilities, including the ability to search across CRM records (companies, contacts, deals), access user calendars, and query a CRM data warehouse.
- Sanitization: No sanitization, validation, or filtering of the content fetched from external sources is performed before it is synthesized into the final MEDDIC brief.
Audit Metadata