senior-erp-cliente-upsert
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): High risk of Indirect Prompt Injection. The skill ingests untrusted data from external sources (CRM/e-commerce) and uses it to perform write operations (upsert) in an ERP. Evidence: Ingestion point in 'Passos' (data collection from lists); Capabilities include API mutations (POST/PATCH); Sanitization is limited to digit normalization; Boundary markers are absent for ingested text.
- [DATA_EXFILTRATION] (MEDIUM): Involves systematic processing and transmission of PII (CNPJ, CPF, addresses) to external endpoints (api.xplatform.com.br). While intended for the skill's purpose, it represents a data exposure surface for sensitive records.
- [COMMAND_EXECUTION] (LOW): Utilizes curl for network requests. Standard behavior for an integration skill, but presents a risk if command arguments are constructed using unsanitized external strings.
Recommendations
- AI detected serious security threats
Audit Metadata