client-relationship-manager

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface by design. It instructs the agent to read and process content from text files in the crm/clients/ directory that may contain data from external sources (e.g., email content or meeting notes).
      • Ingestion points: Client record files (crm/clients/[client-slug].md), pipeline tracking (crm/pipeline.md), and follow-up lists (crm/follow-ups.md).
      • Boundary markers: Absent. The instructions do not specify delimiters or instructions to ignore embedded commands within the CRM files.
      • Capability inventory: The agent can read files, create new client files, and update records based on user input.
      • Sanitization: None. The skill relies on the agent's default processing of markdown text files.
  • [COMMAND_EXECUTION]: The skill provides a shell command example for the openclaw CLI to schedule automated CRM reviews. This command sets up a persistent cron task to analyze CRM data at regular intervals.
  • [DATA_EXFILTRATION]: The optional automated review feature (via the openclaw cron job) is designed to transmit summarized pipeline and client data to an external Telegram chat ID specified by the user.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 30, 2026, 12:22 AM