Copilot Research
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. (1) Ingestion points: It reads potentially untrusted data from web_search results and meeting transcripts/emails. (2) Boundary markers: The instructions do not specify any delimiters or safety markers to differentiate external data from system instructions. (3) Capability inventory: The skill has access to CRM data and web search capabilities. (4) Sanitization: There is no evidence of sanitization or validation for the external content before it is used to generate talking points and risks.
Audit Metadata