add-lead
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes data from CSV files (e.g., `companies.csv`, `people.csv`) using `pandas`. This creates a surface for indirect prompt injection if the files contain instructions in text fields like 'notes' or 'description'.
  - Ingestion points: Data is loaded from local CSV files via `pd.read_csv()` as described in `SKILL.md`.
  - Boundary markers: The instructions and code snippets lack explicit delimiters or safety instructions to prevent the agent from executing commands potentially embedded in the CRM data.
  - Capability inventory: The skill possesses file system write capabilities using the `df.to_csv()` method.
  - Sanitization: No data validation or sanitization of input strings is implemented in the provided Python examples to filter out potentially malicious content.
Audit Metadata