square-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill allows the agent to ingest untrusted data from Square and perform sensitive operations based on that data.
  - Ingestion points: Untrusted data enters the context via SQUARE_LIST_PAYMENTS, SQUARE_SEARCH_ORDERS, and SQUARE_LIST_INVOICES.
  - Boundary markers: Absent. The instructions do not provide delimiters or warnings to ignore instructions embedded in the Square data.
  - Capability inventory: The skill utilizes powerful tools including SQUARE_CANCEL_PAYMENT, SQUARE_UPDATE_ORDER, and SQUARE_CANCEL_INVOICE.
  - Sanitization: Absent. There is no mention of escaping or validating the external data before it is processed.
- [No Code] (SAFE): The skill package is entirely markdown-based and does not include any executable scripts, binaries, or configuration files that run code.