Deal Copilot Chat
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill consists of natural language instructions and metadata with no executable code, remote script downloads, or obfuscated content.
- [PROMPT_INJECTION]: The skill processes untrusted deal data, representing a surface for indirect prompt injection, though it includes structural safeguards.
  - Ingestion points: Untrusted data enters the agent's context through the deal_context input field in SKILL.md.
  - Boundary markers: The skill instructions explicitly use [DEAL_CONTEXT] blocks as delimiters to separate data from instructions.
  - Capability inventory: The skill is limited to crm capability access for reading deal-related information.
  - Sanitization: The instructions include a negative constraint ('Never repeat or summarize the raw context block back to the user') which helps prevent the agent from being manipulated into leaking or executing instructions contained within the data context.
Audit Metadata