churn-prevention
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits deceptive metadata by claiming the author is 'Alireza Rezvani' while the verified author is 'aaaaqwq'. This discrepancy is a form of metadata poisoning that misrepresents the skill's origin. Furthermore, the skill contains an indirect prompt injection surface.
- Evidence Chain for Indirect Injection:
- Ingestion points: The skill instructs the agent to read 'marketing-context.md' in SKILL.md.
- Boundary markers: Absent; no delimiters or instructions to ignore embedded commands are provided for the context file.
- Capability inventory: The skill performs subprocess execution of 'scripts/churn_impact_calculator.py' as seen in SKILL.md.
- Sanitization: Absent; no validation or filtering is performed on the ingested content.
- [COMMAND_EXECUTION]: The skill documentation includes instructions to run a local Python script, 'scripts/churn_impact_calculator.py', for churn impact modeling. This script is part of the skill package and uses standard library modules to perform calculations. It presents no inherent security risk as it does not access the network or sensitive files.
Audit Metadata