Deal Handoff Brief
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill intentionally accesses sensitive information from a CRM, including deal values, stakeholder contact details, meeting transcripts, and internal strategy notes. This data is used exclusively to populate the handoff brief and transition email as requested by the user.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from external sources (CRM activity logs, meeting notes, and stakeholder roles) and interpolates this content into the generated handoff brief.
- Ingestion points: Data is ingested via
execute_actioncalls inSKILL.md(e.g.,get_deal_activities,get_meetings). - Boundary markers: The skill does not explicitly define delimiters to isolate untrusted CRM content from the agent's instructions.
- Capability inventory: The skill utilizes the
crmcapability to read and process records. - Sanitization: There is no evidence of sanitization or filtering for the data retrieved from the CRM fields.
- [SAFE]: All external resources and tool calls (e.g.,
execute_action) are consistent with the vendor's (SixtySecondsApp) infrastructure and intended sales-enablement use case.
Audit Metadata