list-segmentation
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a basic shell command (
test -n "$EXTRUCT_API_TOKEN") to ensure that the required API token is available in the environment before attempting network operations. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes lead data and hypothesis sets from external and local sources without specific security boundaries.
- [PROMPT_INJECTION]: Ingestion points: Enriched table data fetched from api.extruct.ai and hypothesis markdown files from local context directories.
- [PROMPT_INJECTION]: Boundary markers: The workflow does not implement delimiters or explicit instructions for the AI to disregard potential commands embedded within the lead data.
- [PROMPT_INJECTION]: Capability inventory: The skill has the ability to read from the Extruct API and write CSV files to the local file system.
- [PROMPT_INJECTION]: Sanitization: No evidence of data sanitization, validation, or escaping is present in the workflow logic for handling external company information.
Audit Metadata