Event Follow-Up Analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's behavior is consistent with its stated purpose of analyzing event data for business development. It uses internal platform actions to retrieve contact and deal information, which is necessary for its lead prioritization logic.\n- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection as it processes untrusted external data from attendee lists and event descriptions. This is an inherent risk in analytical skills that is mitigated in this instance by restricted, read-only capabilities.\n
- Ingestion points: Data enters via the
attendee_list,event_topic, andevent_nameinputs inSKILL.md.\n - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing logic.\n
- Capability inventory: The skill utilizes the
crmcapability for read-only actions (get_contact,get_deal,get_company_status). It lacks the ability to write to files or access external networks.\n - Sanitization: No specific input validation or sanitization mechanisms for the string inputs are defined in the skill documentation.
Audit Metadata