Handoff Brief

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs expected CRM data retrieval operations consistent with its stated purpose. It uses structured data gathering via internal actions and does not attempt any unauthorized network communication or file system access.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes untrusted data from CRM sources (meeting notes, activity descriptions, and contact roles) which could contain adversarial instructions.
      • Ingestion points: CRM data retrieved via execute_action calls for deal records, contacts, and activity history in SKILL.md.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are included in the prompt templates.
      • Capability inventory: The agent's capabilities are limited to read-only CRM operations within the provided context; it has no access to shell execution, sensitive local files (~/.ssh, etc.), or external network exfiltration.
      • Sanitization: No sanitization or filtering logic is present to handle potentially malicious strings within the CRM data prior to summarization.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 11:37 AM