gtm-engineering
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill defines a vulnerability surface for indirect prompt injection (Category 8) by describing architectural patterns that process untrusted external data. 1. Ingestion points: The skill ingests 'Form submissions', 'web scrape' results, and 'email replies' (documented in references/implementation-guide.md). 2. Boundary markers: The provided instructions do not specify delimiters or guidelines for the agent to ignore embedded instructions in this ingested data. 3. Capability inventory: The skill describes capabilities for performing CRM updates and triggering automated email outreach (Stage 5). 4. Sanitization: No specific filtering or escaping mechanisms for external content are mentioned.
- [NO_CODE]: The skill consists entirely of instructional Markdown documentation; no executable scripts, binaries, or configuration files that execute code were found.
Audit Metadata