crm-cleanup
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration attempts were detected. The skill's behavior aligns with its stated purpose of CRM maintenance.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data from a CRM (~~crm), which represents an indirect prompt injection surface. This risk is effectively mitigated by the skill's design, which requires explicit human approval for every change and mandates a 'side-by-side diff' view to ensure transparency before any data is modified. Specifically:
  - Ingestion points: CRM data is retrieved from the ~~crm placeholder in Steps 1, 2, and 3.
  - Boundary markers: The skill uses a rigid step-by-step procedural structure to handle data segments.
  - Capability inventory: The skill uses Bash, Read, and WebFetch tools.
  - Sanitization: Strict 'Approval gates' and a 'no-automatic-merge' policy serve as a human-review sanitization layer to prevent unauthorized actions triggered by external data.
Audit Metadata