voice-of-customer-synthesizer
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits vulnerability surfaces for Indirect Prompt Injection.
  - Ingestion points: External data is fetched from attacker-controllable platforms including G2, Trustpilot, Capterra, Reddit, and Twitter (Phases 1B and 1C).
  - Boundary markers: There are no specified delimiters or 'ignore' instructions implemented to prevent the LLM from obeying instructions embedded in the feedback data.
  - Capability inventory: The skill possesses file-writing capabilities (Phase 5: `clients/<client-name>/...`) and executes external scripts.
  - Sanitization: No evidence of sanitization or validation of external content prior to analysis.
- [EXTERNAL_DOWNLOADS]: The skill references external, third-party scraping utilities (`review-scraper`, `twitter-scraper`, `reddit-scraper`) for data collection. These tools are not sourced from the trusted vendor list and represent unverifiable external dependencies.
- [COMMAND_EXECUTION]: Documentation suggests executing the skill via command-line using `python3 run_skill.py`. This pattern involves executing local logic on aggregated data, which requires a properly isolated environment to mitigate risks from processed untrusted input.
Audit Metadata