define-customer-profile
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection. It launches parallel agents to perform web research and accepts user arguments ($ARGUMENTS) that are directly interpolated into generated documents and potentially influence the behavior of sub-agents.
- Ingestion points: Web research findings from three parallel Opus agents (Phase 2) and user-provided input via $ARGUMENTS and the AskUserQuestion tool.
- Boundary markers: The workflow does not utilize explicit delimiters or instruction isolation techniques (such as XML tags or explicit 'ignore embedded instructions' warnings) when handling external or user-provided data.
- Capability inventory: The skill possesses file write capabilities (writing CUSTOMER.md and log files to /tmp) and the ability to spawn and instruct sub-agents based on synthesized data.
- Sanitization: There is no evidence of validation, escaping, or filtering of the content retrieved from web searches or provided in the initial user request before it is used to draft the ICP document.
Audit Metadata