sdr-call-coaching

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted conversational data from call transcripts during the scoring process.
  • Ingestion points: Call recordings and transcripts are pulled from Nooks and Clari as defined in the source inventory.
  • Boundary markers: The instructions do not define specific delimiters or instructions for the agent to ignore potentially malicious commands embedded within the processed transcripts.
  • Capability inventory: The skill has the ability to send Slack messages and create Gmail drafts, which could be misused if an injection is successful.
  • Sanitization: No content filtering or sanitization of external transcript text is specified.
  • [COMMAND_EXECUTION]: The skill references using the bash date command to calculate the weekly report window. This is a standard and safe implementation for time-based logic.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves data from Nooks and Clari MCP servers. These are described as recognized internal integrations necessary for the skill's stated business objectives.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 04:24 PM
Security Audit — agent-trust-hub — sdr-call-coaching