Ops Automation Builder
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a structured framework for automation (triggers, conditions, actions) that operates on internal data tables.
- [DATA_EXPOSURE]: While the skill interacts with external services like HubSpot and Slack, these are intended functional integrations. The skill does not hardcode credentials or exfiltrate data to unauthorized domains.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes data from table cells which may originate from untrusted sources.
- Ingestion points: Data enters the system through
table_idcell values, row creation events, and enrichment results. - Boundary markers: The skill uses structured JSON for logic definitions (
condition,action_config), which helps isolate data from instructions, though explicit boundary markers for cell content are not specified. - Capability inventory: The skill can perform write operations (
update_cell,add_tag), execute external tools (run_enrichment), and perform network operations (push_to_hubspot,notify). - Sanitization: There is no explicit mention of sanitizing or escaping external content before processing or interpolation into notification messages.
Audit Metadata