customer-intel
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's primary function involves processing untrusted data from various sources, which presents a surface for indirect prompt injection.\n
- Ingestion points: Data is collected from docs, CRMs, wikis, tickets, emails, and web sources as specified in SKILL.md.\n
- Boundary markers: The framework lacks instructions for establishing clear boundaries or delimiters to prevent the agent from executing commands embedded in the ingested data.\n
- Capability inventory: The skill requires access to various communication and record-keeping systems like CRMs and email.\n
- Sanitization: No mechanisms for sanitizing or validating external input are provided in the instructions.
Audit Metadata