inbound-lead-triage
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from external lead sources.
- Ingestion points: Lead form messages, chat transcripts, and company/person fields extracted during collection in SKILL.md (Step 1) and enrichment (Step 4).
- Boundary markers: The instructions do not define clear delimiters or instruct the agent to ignore potentially malicious commands embedded within the lead data when summarizing or drafting responses.
- Capability inventory: The agent uses the processed data to draft emails, perform web searches, and potentially interact with CRM systems in SKILL.md (Step 5).
- Sanitization: There are no specified sanitization or validation steps for the content of lead messages before they are incorporated into agent prompts.
Audit Metadata