meddic-call-prep-auto

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and synthesizes data from attacker-controllable sources.
      • Ingestion points: Untrusted data enters the agent context via gcal_get_event (event descriptions) and hubspot_get_deal (deal notes) as specified in Stage 1 of the workflow in SKILL.md.
      • Boundary markers: Absent. The workflow does not define delimiters or instructions for the agent to ignore embedded commands within the gathered context.
      • Capability inventory: The agent has broad read access across HubSpot, Google Calendar, and the Apollo enrichment platform, as well as access to an internal data warehouse via the ask_agent tool (SKILL.md, Stage 1d).
      • Sanitization: Absent. There is no evidence of escaping or validating the external content before it is passed to the MEDDIC Synthesis stage.
  • [DATA_EXFILTRATION]: The skill aggregates highly sensitive data, including PII (attendee emails and LinkedIn profiles) and proprietary business intelligence (deal amounts, stages, and competitive displacement strategies). While this is consistent with the stated business purpose, the consolidation of data from multiple authenticated platforms into a single brief increases the potential impact of data exposure if the agent session is compromised.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 07:11 PM