ds-churn-signals
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from Stripe records and manual uploads, creating an inherent surface for indirect prompt injection.
  - Ingestion points: External data enters the context through Stripe subscription details, cancellation reasons, and user-uploaded CSV or JSON files.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the reporting templates.
  - Capability inventory: The skill can read local files and execute shell commands via a utility script.
  - Sanitization: The skill relies on an external script for calculation, but the resulting data is interpreted by the model without specific sanitization of field contents.
- [COMMAND_EXECUTION]: The skill uses shell commands to load business context and process data.
  - Evidence: The skill executes 'cat' to read product marketing context files and 'python' to run the 'ds_utils.py' script.
  - Context: These executions are restricted to vendor-provided paths and are necessary for the primary function of the churn analysis tool.
Audit Metadata