phone-verification-waterfall
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted lead data from HubSpot contacts without explicit sanitization or boundary isolation.
  - Ingestion points: Lead data, including names, emails, and job titles, is pulled from the HubSpot CRM (SKILL.md, Stage 1).
  - Boundary markers: The prompt logic does not define clear boundaries or 'ignore instructions' delimiters for the data retrieved from external contact records.
  - Capability inventory: The skill is capable of performing batch updates to the HubSpot CRM and executing enrichment requests to third-party APIs (SKILL.md, Stages 2-4).
  - Sanitization: No specific sanitization or escaping mechanisms are described to prevent potentially malicious strings within contact fields from influencing the agent's behavior during classification or sync operations.
Audit Metadata