churn-risk-detector
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the ingestion of untrusted data from external sources.
- Ingestion points: Processes support tickets, Slack messages, NPS comments, and email logs as specified in Phase 0 of SKILL.md.
- Boundary markers: The instructions lack delimiters or safety warnings to prevent the model from obeying instructions embedded in the analyzed data.
- Capability inventory: The skill has the capability to write analysis reports to the local file system (Path:
clients/<client-name>/customer-success/churn-risk/risk-report-[YYYY-MM-DD].md). - Sanitization: There is no mention of sanitization or filtering logic for the ingested external content.
- [COMMAND_EXECUTION]: The skill documentation includes a suggested persistence mechanism and references a command-line script.
- Evidence: SKILL.md provides a crontab entry for weekly execution:
0 8 * * 1 python3 run_skill.py churn-risk-detector --client <client-name>. - Missing Script: The script
run_skill.pyrequired for execution is not provided within the skill package.
Audit Metadata