customer-review-aggregator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a significant attack surface for indirect instructions via external review data. * Ingestion points: File 'SKILL.md' describes workflows ingesting data from URLs (via WebFetch), CSV uploads, and manual copy-pasting from sites like Reddit, Twitter, and G2. * Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent ignores or treats review content strictly as data rather than instructions. * Capability inventory: The skill uses 'WebFetch' to retrieve external content and performs complex analysis and report generation based on that content. * Sanitization: Absent. No logic is defined to validate, filter, or escape potential malicious payloads within the processed reviews.
Recommendations
- AI detected serious security threats
Audit Metadata