lead-triage
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from external CRM records, including lead names, company details, and activity notes. This presents an attack surface for indirect prompt injection, where malicious content in CRM notes could attempt to manipulate the agent's prioritization logic or summary content. The risk is mitigated by strict behavioral instructions that gate all write operations behind user approval.
- Ingestion points: CRM field mapping (names, company titles, notes) defined in
reference/hubspot-scoring.mdand fetched inSKILL.md. - Boundary markers: No explicit delimitation or "ignore instructions" warnings are defined for the CRM data interpolation.
- Capability inventory: The skill is limited to reading data via
~~crm,~~почта, and~~календарьtools and generating text suggestions; it possesses no subprocess execution, file-writing, or direct network capabilities. - Sanitization: No input validation or escaping of CRM content is specified.
Audit Metadata