customerio-load-scale
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill architecture includes a data ingestion surface that is susceptible to indirect prompt injection.
- Ingestion points: The Kafka consumer in
lib/scaled-processor.tsprocesses messages from thecustomerio-eventstopic. - Boundary markers: Data is ingested as structured JSON but lacks specific delimiters or instructions for the agent to ignore embedded commands.
- Capability inventory: The skill has access to
Bash(kubectl:*)andBash(curl:*)(defined inSKILL.md), and the worker scriptlib/scaled-processor.tsperforms network operations to the Customer.io API. - Sanitization: Ingested data is parsed but not validated against a schema before being used in library calls.
- [SAFE]: Credentials are handled securely using environment variables (
CUSTOMERIO_SITE_ID,CUSTOMERIO_API_KEY) and environment-based encoding inscripts/run-load-test.sh, avoiding hardcoded secrets. - [SAFE]: References to external services and documentation (k6.io and Customer.io) are restricted to well-known and reputable organizations.
- [SAFE]: The skill utilizes established and verifiable Node.js packages for its message queue and rate limiting functionality.
Audit Metadata