Campaign Performance Monitor
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and processing untrusted data from external email recipients.
- Ingestion points: In
SKILL.md, under "Source 1: Instantly API", the skill fetches raw reply text for classification. - Boundary markers: The instructions do not implement delimiters or specific "ignore instructions" warnings to prevent the model from obeying commands hidden within email replies.
- Capability inventory: The skill possesses capabilities to modify state, including updating lead statuses in the
instantly_apiand creating tasks or updating contact info in CRM tools. - Sanitization: There is no evidence of sanitization, filtering, or validation of the external reply content before it is processed by the classification framework in
references/reply-classification.md.
Audit Metadata