Win Note
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill incorporates data from CRM activity logs and meeting notes into the 'Deal Story' narrative. This introduces a surface for indirect prompt injection if an attacker can influence the content of CRM records.
- Ingestion points: Untrusted narrative data enters the context via
get_deal_activitiesandget_meetingscalls inSKILL.md. - Boundary markers: The instructions lack explicit delimiters or 'ignore embedded instructions' directives for the interpolated CRM data.
- Capability inventory: The skill performs read-only CRM operations (
get_deal,get_deal_contacts,get_deal_activities,get_meetings,get_company) and generates text output. - Sanitization: The skill does not perform content validation or sanitization on the strings retrieved from the CRM timeline before including them in the final Slack message.
Audit Metadata