pipeline-update
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection by ingesting and processing untrusted qualitative data from CRM records and user inputs.
- Ingestion points: Processes user-provided 'Notes or context' and external data from CRM platforms (Salesforce, HubSpot, etc.) in SKILL.md.
- Boundary markers: No explicit delimiters or 'ignore instructions' warnings are provided to separate user-supplied notes or CRM-retrieved text from the agent's core instructional context.
- Capability inventory: The skill possesses read/write capabilities via CRM MCP and the local file system as described in SKILL.md.
- Sanitization: There is no evidence of sanitization or escaping for free-text inputs like meeting summaries or objection details before they are processed or logged.
- [DATA_EXFILTRATION]: The skill accesses local application configuration and records activity logs in the user's home directory, which involves handling sensitive business context.
- Evidence: Reads brand profiles, guidelines, and SOPs from ~/.claude-marketing/brands/ and ~/.claude-marketing/sops/.
- Evidence: Writes transaction logs containing deal states and qualitative user context to ~/.claude-marketing/brands/{slug}/logs/pipeline-update-log.json.