inbound-lead-qualification
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from external sources that may contain malicious instructions intended to manipulate the agent's behavior.
  - Ingestion points: The skill parses raw lead data from various formats including CSVs and pasted text (Step 1), and it specifically analyzes user-generated intent data such as demo request messages and chatbot conversations (Step 5).
  - Boundary markers: Absent; there are no instructions or delimiters provided to the agent to treat external lead data as untrusted or to ignore embedded instructions within that data.
  - Capability inventory: The agent has access to CRM systems (HubSpot, Salesforce), local file system read/write permissions for configuration and CSV generation, and web search capabilities for company research.
  - Sanitization: Absent; the skill does not describe any validation, filtering, or escaping of the content extracted from leads before it is used for scoring and qualification logic.