Copilot Follow-up
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security risks were detected. The skill's behavior is consistent with its stated purpose of improving sales outreach through data-driven personalization.
- [PROMPT_INJECTION]: Analysis of the Indirect Prompt Injection surface (Category 8):
  1. Ingestion points: CRM data fetched via 'get_contact' and 'get_deal' actions, and meeting transcripts retrieved through RAG searches (documented in 'SKILL.md').
  2. Boundary markers: The instructions do not specify the use of delimiters or warnings to prevent the agent from following instructions embedded within external data.
  3. Capability inventory: The skill utilizes 'email' and 'crm' capabilities for drafting messages and reading business context. It does not possess capabilities for code execution or unauthorized network access.
  4. Sanitization: No specific sanitization or filtering logic is described for the content retrieved from transcripts before it is used in the email drafting process.
Audit Metadata