support-ticket-triage
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill is designed to process untrusted data from customer support tickets, emails, and chats. This creates a surface for indirect prompt injection where an attacker can embed instructions in a ticket to manipulate the agent's categorization or response logic.
- Ingestion points: Workflow Step 1 ('Parse context') explicitly ingests ticket text and product area data from external sources.
- Boundary markers: Absent. The instructions do not define delimiters (like triple backticks or XML tags) to isolate the untrusted input from the system instructions.
- Capability inventory: The skill produces 'Proposed Fix/Next Steps' and 'Reply Drafts'. While it doesn't execute code directly, its outputs are intended to drive downstream agent actions and communication, which can be subverted by injected instructions.
- Sanitization: The 'Quality checks' mention masking PII, but there is no instruction to sanitize or ignore potential command-like structures within the customer data.
Audit Metadata