focus-group
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local script, audience-simulator.py, using the command-line arguments load-panel and create-panel to process panel data.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from external sources and user inputs to simulate personas.
- Ingestion points: External CRM data (purchase history, behavioral profiles) loaded via script, user-provided 'Stimulus to test', and user-provided questions.
- Boundary markers: None identified; data is interpolated into persona contexts without explicit delimiters or instructions to ignore embedded commands.
- Capability inventory: Subprocess execution of audience-simulator.py and reading sensitive brand/SOP files from the filesystem.
- Sanitization: No validation or sanitization of the CRM data or user stimulus is mentioned before processing.
Audit Metadata