pipeline-review
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill performs legitimate data analysis tasks as described in its metadata and instructions. It remains within its claimed scope of CRM analysis and reporting without any signs of obfuscation or unauthorized persistence.
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection (Category 8) due to the ingestion and processing of data from external, potentially untrusted sources.
- Ingestion points: Data is pulled from external CRM APIs (Salesforce, HubSpot, Pipedrive, Close, Notion), databases (Supabase), and user-provided CSV files as specified in Step 1.
- Boundary markers: The standardization and analysis logic does not explicitly define delimiters or instructions to ignore embedded prompts within the retrieved deal data.
- Capability inventory: The skill has the capability to write to the local file system, export to cloud services (Google Sheets, Notion), and transmit data via external communication channels (Slack, Email) as specified in Step 4.
- Sanitization: No specific sanitization or validation routines for deal fields (like deal names or descriptions) are documented before the data is processed for report generation.
Audit Metadata