QBR Scheduler
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No patterns of bypass attempts, role-play injections, or instructions to ignore safety guidelines were detected. The instructions are focused entirely on the business logic of scheduling reviews.
- [DATA_EXFILTRATION]: While the skill accesses sensitive CRM data (deals, contact information, activity history), it does so using platform-native
execute_actiontools. There is no evidence of data being sent to external or untrusted third-party domains. - [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: Data enters the agent context through CRM tools like
get_deal,get_contact, andget_deal_activities(SKILL.md). - Boundary markers: The skill lacks explicit delimiters or instructions to ignore potential commands embedded within the CRM data.
- Capability inventory: The skill uses
crm,email, andcalendarcapabilities to generate structured email drafts and meeting metadata. It does not possess capabilities for file writing or system command execution. - Sanitization: There is no evidence of sanitization or filtering of the CRM data before it is interpolated into the email templates.
- [REMOTE_CODE_EXECUTION]: The skill does not download external scripts, install packages, or use dynamic execution functions like
eval()orexec(). - [COMMAND_EXECUTION]: No shell commands, subprocess spawning, or system-level operations are present in the skill definition.
Audit Metadata