crm-sync
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script
crm-sync.pyto perform status checks, deduplication, and sync management operations. - [DATA_EXFILTRATION]: The skill reads sensitive brand profiles, guidelines, and SOPs from
~/.claude-marketing/and transmits this information to external CRM platforms via the Model Context Protocol (MCP). - [PROMPT_INJECTION]: The skill ingests untrusted data from external sources which could contain malicious instructions designed to influence the agent or the target CRM.
- Ingestion points: Data is loaded from CSV file paths, JSON arrays, manual entries, and other connected MCP platforms (Google Sheets, email platforms, etc.) as described in the 'Input Required' and 'Process' sections.
- Boundary markers: No explicit boundary markers or isolation instructions are defined to separate untrusted data from the system prompt or agent instructions.
- Capability inventory: The skill has the ability to execute
crm-sync.py, read/write files in the~/.claude-marketing/directory, and perform network operations via CRM MCP integrations. - Sanitization: The process includes data validation for email and phone formats, but lacks specific sanitization or filtering to prevent prompt injection attacks within the data payloads.
Audit Metadata