customer-billing-ops
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted customer data to determine billing outcomes.
- Ingestion points: Data from customer emails, support tickets, and GitHub usernames are used to identify accounts and classify billing issues in SKILL.md.
- Boundary markers: No specific delimiters or instructions are provided to separate untrusted customer content from agent instructions.
- Capability inventory: The skill has the authority to initiate refunds, cancel subscriptions, and modify billing states via integrated tools.
- Sanitization: There are no explicit steps to sanitize or validate external communications before they influence decision-making logic.
Audit Metadata