followupboss
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill demonstrates secure implementation patterns. Authentication is handled correctly via the FUB_API_KEY environment variable, avoiding hardcoded credentials. Network operations are strictly confined to the official API domain at api.followupboss.com. The implementation uses the reputable httpx library and includes validation for input parameters such as IDs and dates. The raw command functionality is appropriately restricted to the base API URL, preventing data exfiltration to unauthorized domains.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) inherent to CRM integrations. This is a standard risk for such integrations and is not considered a malicious finding.
  1. Ingestion points: The agent retrieves contact details, notes, and task descriptions from the CRM through various get and search commands.
  2. Boundary markers: Data is rendered as Markdown but lacks explicit delimiters to distinguish untrusted CRM content from system instructions.
  3. Capability inventory: The skill can create notes and tasks and perform arbitrary API calls within the Follow Up Boss environment.
  4. Sanitization: Data retrieved from the CRM is not filtered or escaped before being displayed to the agent.