add-lead
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill uses standard Python libraries and performs local file operations consistent with its stated purpose of CRM data management. No patterns of exfiltration, obfuscation, or unauthorized access were detected.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists due to how data is handled.
  - Ingestion points: The agent reads data from several CSV files (e.g., companies.csv, people.csv) stored in $CRM_PATH.
  - Boundary markers: There are no instructions to the agent to treat data fields as inert or to ignore embedded instructions within the CSV content.
  - Capability inventory: The skill employs Python code (specifically pandas.to_csv in SKILL.md) to write to the file system.
  - Sanitization: There is no evidence of sanitization or validation of the content provided for text fields such as 'description' or 'notes' before they are stored, which could allow malicious instructions to persist and influence the agent during future interactions.
Audit Metadata