fsi-pe-deal-sourcing
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from external sources, which could lead to indirect prompt injection.
- Ingestion points: The workflow reads data from web searches, Gmail messages, and Slack conversations into the agent's context.
- Boundary markers: The instructions do not specify any delimiters or safety prompts to prevent the agent from following instructions embedded within the ingested data.
- Capability inventory: The agent can search internal communications and draft emails. Security is enhanced by a mandatory user review step before any outreach is performed.
- Sanitization: No data validation or sanitization processes are described for handling the content of retrieved emails or search results.
Audit Metadata