add-tools-and-handoffs
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a developer guide for the
getpatterlibrary, providing code snippets for tool definition and call management. - [PROMPT_INJECTION]: The skill describes an architecture that ingests data from external sources (e.g., CRM lookups and webhooks), which constitutes an indirect prompt injection surface.
- Ingestion points: Output from the
lookup_customerfunction and the specifiedwebhook_url(SKILL.md). - Boundary markers: Not specified in the tutorial examples.
- Capability inventory: The agent has access to
transfer_callandend_callactions (SKILL.md). - Sanitization: No sanitization or validation of the fetched data is shown in the examples.
Audit Metadata