FAQ Builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): The provided file is a Markdown document outlining business workflows and templates. It does not contain any executable scripts (Python, JavaScript, Bash, etc.) or configuration files that could trigger system actions.
- [DATA_EXPOSURE] (SAFE): The skill describes workflows for mining support tickets and chat transcripts. While these involve sensitive data, the skill itself provides only instructions and does not include code to access, store, or transmit this data.
- [PROMPT_INJECTION] (SAFE): No patterns of prompt injection, such as 'ignore previous instructions' or bypass attempts, were detected in the text or metadata.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to ingest untrusted data from external sources like social media and community forums to generate FAQ content. This presents an indirect prompt injection surface where an attacker could embed instructions in a forum post that might influence the AI's FAQ generation process. However, as this is a documentation-only skill, there is no immediate execution risk.
- Ingestion points: Workflow 1 explicitly lists 'Social media mentions' and 'Community forum posts' as data sources.
- Boundary markers: None defined in the templates or workflows.
- Capability inventory: None; the skill contains no code capabilities.
- Sanitization: None described in the text.
Audit Metadata