senior-erp-pedido-venda-criar
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest data from external, attacker-controllable sources such as e-commerce marketplaces, which can contain hidden instructions.
  - Ingestion points: Order data from marketplaces and checkout processes (Step 2).
  - Boundary markers: No delimiters are defined to isolate untrusted order data from the agent's system instructions.
  - Capability inventory: The skill has the capability to perform HTTP POST requests to create business-critical sales orders (Step 6).
  - Sanitization: No sanitization or filtering of prompt-based instructions within the data is implemented.
- [Metadata Poisoning] (MEDIUM): The skill metadata claims to be generated with 'OpenAI GPT-5.2', a version that does not exist, indicating misleading or hallucinated metadata.
- [Data Exposure] (LOW): The skill handles sensitive environment variables like SENIOR_ACCESS_TOKEN. While standard for the task, these credentials could be exfiltrated if the SENIOR_BASE_URL is manipulated via prompt injection.
Recommendations
- AI detected serious security threats
Audit Metadata