Proactive Orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data (emails, transcripts) which presents a potential surface for indirect prompt injection. This is effectively mitigated by mandatory human-in-the-loop (HITL) approval for all high-impact actions. Ingestion points: MeetingBaaS webhooks and inbound emails. Boundary markers: The orchestrator uses structured JSON state to manage context transitions between steps. Capability inventory: Capability to send emails as a representative, update CRM deal stages, and create tasks. Sanitization: Every sensitive operation requires explicit human review and approval via Slack before execution.
- [EXTERNAL_DOWNLOADS]: The skill integrates with trusted external APIs such as Apollo, Apify, and Instantly for data enrichment, which is standard functionality for this type of agent and does not involve the execution of untrusted scripts.
- [COMMAND_EXECUTION]: The orchestrator employs a self-invocation pattern to handle long-running sequences across serverless function timeout limits, managed through internal state persistence and database checkpoints.
Audit Metadata