business-pulse
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- Comprehensive Data Ingestion Surface: The skill is designed to ingest sensitive business data from multiple external sources, including financial (QuickBooks, PayPal, Square), CRM (HubSpot), and communication (Gmail, Slack) tools.
  - [Consideration]: This creates a significant surface for Indirect Prompt Injection (Category 8). Malicious instructions could be embedded in customer emails, Slack messages, or CRM deal notes to influence the agent's behavior during the 'synthesis' phase.
  - [Sanitization]: The skill uses a structured output template and 'writing rules' (e.g., 'Numbers lead, words follow'), which help mitigate the risk of instructions in external data being misinterpreted as commands by the agent.
- Write Capability with Confirmation: The skill includes the ability to export reports to files or post summaries to Slack.
  - [Safeguard]: The documentation explicitly requires human-in-the-loop confirmation before any Slack write operations occur, preventing unauthorized data sharing.
- Autonomous Data Retrieval: The skill is instructed to pull data immediately upon invocation without additional permission prompts.
  - [Context]: This is consistent with the skill's primary purpose as an automated business snapshot tool and operates within the permissions granted by the connected tools' APIs.