churn-autopsy
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of untrusted data from various sources such as support tickets and exit feedback.
  - Ingestion points: Reads client history, engagement data, support tickets, usage logs, and exit feedback from files and web sources (SKILL.md).
  - Boundary markers: None identified. The instructions do not specify the use of delimiters or warnings to ignore embedded commands within the ingested data.
  - Capability inventory: The skill has access to Bash, Write, and WebFetch tools (SKILL.md).
  - Sanitization: No evidence of input validation, escaping, or filtering of processed data.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool for data analysis and log processing. This capability could be exploited if malicious commands are embedded in the analyzed data files.
- [DATA_EXFILTRATION]: The skill handles sensitive business data including financial metrics (ARR/MRR) and contract details while possessing network capabilities via WebFetch. This combination allows for potential data exfiltration if the agent is compromised by malicious input.