pipeline-review
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data retrieved from external CRM systems (e.g., deal names, company descriptions, and loss reasons).
  - Ingestion points: Data is pulled from various CRMs and CSV files in Step 1.
  - Boundary markers: The skill does not define delimiters or provide safety instructions to the agent regarding the handling of embedded commands within the CRM data.
  - Capability inventory: The skill possesses the ability to write to the local file system and perform network requests to external services in Step 4.
  - Sanitization: There is no evidence of sanitization or escaping applied to the ingested data before it is interpolated into prompts for analysis and report generation.
- [DATA_EXFILTRATION]: The skill includes functionality to export analyzed pipeline data—which often contains sensitive business information—to external destinations including Slack, Notion, and the agentmail.dev email API. While these are intended features for report sharing, they represent an exfiltration surface for sensitive data.