Daily Focus Planner
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes data retrieved from external CRM and task management systems through the
execute_actioncapability. This creates a potential surface for indirect prompt injection if malicious instructions are embedded within deal names, contact notes, or task descriptions. - Ingestion points: Data is ingested from
pipeline_deals,contacts_needing_attention, andopen_tasksvia platform tool calls. - Boundary markers: The skill definition does not explicitly define delimiters (e.g., XML tags or triple quotes) to isolate ingested data from the instruction logic.
- Capability inventory: The skill is restricted to reading from CRM/Tasks and generating structured output. It lacks high-risk capabilities like arbitrary command execution, file system writes, or outbound network requests.
- Sanitization: No explicit sanitization or filtering of the ingested content is described in the skill logic.
Audit Metadata