ae-handoff-brief
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by synthesizing data from untrusted external sources such as HubSpot deal notes and Clari call transcripts. * Ingestion points: The skill retrieves data using hubspot_get_deal, clari_get_call_summary, and search_threads. * Boundary markers: No delimiters or instructions are used to distinguish untrusted data from system instructions. * Capability inventory: The skill can create email drafts via gmail_create_draft and update CRM records using ask_agent. * Sanitization: There is no evidence of validation or sanitization for the ingested external content.
- [DATA_EXFILTRATION]: The skill reads business data from HubSpot and Clari to populate briefing documents. This access is consistent with its intended business purpose and data is only moved to authorized internal endpoints.
Audit Metadata