ai-customer-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as its core function is to process untrusted external data such as customer transcripts and survey responses. \n
- Ingestion points: Customer transcripts, surveys, and interview data enter the agent context via the analysis workflows described in
SKILL.mdandAGENTS.md. \n - Boundary markers: The skill does not define explicit delimiters or boundary markers to isolate the untrusted customer data from the system's analytical instructions. \n
- Capability inventory: No executable scripts, subprocess calls, or network operations are included in the provided skill files. \n
- Sanitization: The instructions do not contain procedures for sanitizing or escaping the content of processed transcripts. \n- [NO_CODE]: The skill package is composed entirely of Markdown rules and a JSON metadata file; it contains no executable code or scripts. \n- [PROMPT_INJECTION]: Several rule files referenced in
SKILL.md(includingdemand-timestamps.md,segment-before-summarizing.md,surface-contradictions.md, andverification-pass.md) are missing from the repository, which prevents full verification of the agent's complete instruction set.
Audit Metadata