Skills
skills/psquared-development/psquared-skills/plan-campaign/Gen Agent Trust Hub

plan-campaign

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl to perform GraphQL queries and mutations.
  • Evidence: Shell commands in SKILL.md interact with the author's CRM at https://crm.psquared.dev/graphql using a token from the .env file.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection via data retrieved from the CRM.
  • Ingestion points: Opportunity and company data fetched from the CRM API in Step 1.
  • Boundary markers: Absent; no specific delimiters or instructions are used to separate the external data from the agent's logic.
  • Capability inventory: The skill has the capability to write to the CRM (create campaigns and update opportunities) and perform network requests via curl.
  • Sanitization: The skill does not explicitly validate or sanitize the data retrieved from the CRM before using it as input for subsequent API mutations in Steps 3 and 4.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 01:03 PM
Security Audit — agent-trust-hub — plan-campaign