Skills
skills/anassahel/supersail/sailpoint-stuck-requests/Gen Agent Trust Hub

sailpoint-stuck-requests

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from external data sources.
  • Ingestion points: In SKILL.md (Step 2), the agent parses JSON output from the sail api get command, which includes user-influenced fields such as access request names and error messages.
  • Boundary markers: No specific delimiters or instructions are used to isolate the API data from the agent's internal logic or instructions.
  • Capability inventory: In SKILL.md (Step 4), the agent can execute commands to cancel or force-close requests in the SailPoint tenant using sail api post calls.
  • Sanitization: The instructions do not define any sanitization or validation for the data received from the API before processing or display.
  • [COMMAND_EXECUTION]: The skill workflow requires executing commands via the sail CLI on the local system. This behavior is necessary for its primary function and is documented for the user.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 11:31 AM