square-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill directs the agent to retrieve and process data from the Square API, which serves as a potential vector for indirect prompt injection.
- Ingestion points: Data is ingested via
SQUARE_LIST_PAYMENTS,SQUARE_SEARCH_ORDERS, andSQUARE_LIST_INVOICES. - Boundary markers: Absent; there are no instructions to the agent to treat external data as untrusted or to use specific delimiters.
- Capability inventory: No local scripts or exploitable capabilities are included in the skill files.
- Sanitization: No sanitization or validation of the ingested Square data is mentioned.
- [No Code] (SAFE): This skill contains only a markdown instructional file and no executable scripts or binaries.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or access to sensitive local file paths were detected.
- [Prompt Injection] (SAFE): No malicious override instructions, DAN patterns, or bypass markers were found in the instructional content.
Audit Metadata