portfolio-deal-linker
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it ingests and processes untrusted data from multiple external platforms without explicit isolation.
  - Ingestion points: Data enters the agent's context through HubSpot deal notes, activity history, Gmail message metadata, and Apollo campaign records.
  - Boundary markers: The skill's workflow lacks explicit delimiters or specific instructions to disregard embedded commands that might be present in CRM notes or email bodies.
  - Capability inventory: The agent can read sensitive business communications and CRM records, write to local JSONL files, and generate narrative reports.
  - Sanitization: No explicit sanitization or validation logic is defined for the external content before it is interpolated into the agent's reasoning or summary tasks.
- [SAFE]: The scheduled automation (weekday runs at 7am CST) and the use of local file storage for state management (~/.claude/portfolio/) are consistent with the skill's administrative and reporting functions.