accounts-receivable-automation
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill architecture describes systems with a surface for indirect prompt injection. 1. Ingestion points: The automated workflow ingests untrusted data from external sources, including customer company profiles, purchase order (PO) numbers, and invoice line-item descriptions. 2. Boundary markers: There are no instructions for using delimiters or boundary markers to isolate untrusted data from system instructions in the provided templates. 3. Capability inventory: The skill involves capabilities such as database writes (PostgreSQL), external API interactions (Stripe), and automated email dispatching. 4. Sanitization: The instructions do not explicitly address the need to sanitize or validate external inputs before they are used in automated email generation or database operations.
- [NO_CODE]: The skill consists of instructional markdown files and configuration JSONs for evaluation purposes. It does not include executable scripts, binaries, or library code that runs directly as part of the skill installation.
Audit Metadata