Follow-Up Triage
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
- Ingestion points: The skill ingests untrusted data from email threads via the search_emails action in SKILL.md.
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the email content as untrusted data or to ignore potential instructions embedded within them.
- Capability inventory: The skill uses predefined platform capabilities for email and CRM access and does not include any arbitrary command execution, file system access, or uncontrolled network operations.
- Sanitization: No explicit sanitization or validation of the ingested email content is performed before processing.
Audit Metadata