nooks-autopilot
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted lead data from HubSpot lists without explicit instruction to ignore embedded commands.
- Ingestion points: Lead data (name, title, company) is fetched via
hubspot_list_membersin Stage 1. - Boundary markers: Absent. The instructions do not specify delimiters or warnings for the agent to treat lead data strictly as non-executable text.
- Capability inventory: The skill possesses write capabilities including
hubspot_update_contactandcreateSequenceState(Nooks enrollment), which could be manipulated if an attacker can control lead fields. - Sanitization: No sanitization or validation of the lead-sourced strings is described before they are used in scoring or interpolated into the HTML report template.
Audit Metadata