sales-revenue
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill architecture is vulnerable to indirect prompt injection through its ingestion of untrusted external data.
  - Ingestion points: The ANALYZER agent role (referenced in SKILL.md and reference/outreach.md) ingests raw text from lead email replies via the Gmail MCP tool.
  - Boundary markers: The skill does not define boundary markers or provide explicit instructions to the agent to treat lead-provided content as data rather than instructions, creating a risk of the agent following malicious commands embedded in replies.
  - Capability inventory: The skill has significant operational capabilities, including the ability to write to the Epiphan CRM, initiate sequences in Apollo.io, and manage Google Calendar events.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the ingested email text before it is processed for intent classification and used to trigger automated tool actions.
Audit Metadata