skills/jeremylongshore/claude-code-plugins-plus-skills/customerio-advanced-troubleshooting/Gen Agent Trust Hub
customerio-advanced-troubleshooting
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard utilities including
curl,jq,dig,nc, andopensslwithin its diagnostic scripts to verify network connectivity and API responsiveness as part of the troubleshooting workflow.\n- [EXTERNAL_DOWNLOADS]: Network operations are directed towards well-known official service domains (customer.io) to retrieve status updates and perform authorized API queries.\n- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by ingesting and displaying data from external API responses.\n - Ingestion points: User profile attributes and event data retrieved from Customer.io API endpoints in
implementation-guide.mdandimplementation.md.\n - Boundary markers: The provided code snippets do not implement explicit delimiters or instructions to ignore embedded commands in the fetched data.\n
- Capability inventory: The skill is configured with
Bash,Write, andEdittools.\n - Sanitization: Raw data from the API is logged and returned without sanitization, which is expected behavior for a technical troubleshooting and debugging tool.
Audit Metadata