morning-brief
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill aggregates sensitive business data from Calendar, CRM, and call records to generate a report sent to the author's email (tkipper@epiphan.com). This behavior is documented and aligns with the tool's primary function as a daily briefing assistant. No data is sent to unknown or untrusted external entities.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it incorporates data from HubSpot notes and Clari summaries into Gmail drafts. However, the risk is mitigated as the skill only creates drafts, which requires manual verification by the user before sending.\n
- Ingestion points: HubSpot contact/deal data and Clari call summaries.\n
- Boundary markers: Not explicitly defined in the templates.\n
- Capability inventory: gmail_create_draft, search_crm_objects, gcal_list_events, clari_search_calls.\n
- Sanitization: Not explicitly present in the provided workflow logic.\n- [EXTERNAL_DOWNLOADS]: No external code or scripts are downloaded or executed. All integrations use specific, named MCP tools.\n- [CREDENTIALS_UNSAFE]: No hardcoded API keys, secrets, or tokens were detected. The skill uses standard configuration values like a HubSpot portal ID and professional email addresses.
Audit Metadata