call-prep
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes data from email threads, CRM notes, chat history, and web search results. This establishes a surface for indirect prompt injection where external actors could embed malicious instructions in processed data. ● Ingestion points: Email threads, internal chat mentions, and web search results. ● Boundary markers: Absent from the workflow description. ● Capability inventory: No code-based capabilities (e.g., shell access) identified in this skill. ● Sanitization: No sanitization or filtering of external inputs is defined.
- [No Code] (SAFE): The skill lacks any script files or package configuration, eliminating common vectors for malware or remote code execution.
- [Data Access] (SAFE): Access to CRM and email data is for the intended purpose of call context gathering; no exfiltration mechanisms were observed.
Audit Metadata