Skills
skills/onewave-ai/claude-skills/renewal-predictor/Gen Agent Trust Hub

renewal-predictor

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data, which creates a surface for indirect prompt injection.
  • Ingestion points: According to the 'Execution Protocol' in SKILL.md, the agent reads communication logs, email threads, meeting notes, and CRM exports.
  • Boundary markers: There are no instructions in the skill to wrap this external content in delimiters or to provide 'ignore embedded instructions' warnings during processing.
  • Capability inventory: The skill utilizes Bash, Grep, Read, and Write tools to analyze data and generate a renewal-forecast.md file.
  • Sanitization: No specific sanitization or escaping mechanisms are described for the content ingested from the external data files before it is processed by the model.
  • [COMMAND_EXECUTION]: The skill's execution protocol involves using shell-based utilities on potentially untrusted strings.
  • Evidence: The instructions in SKILL.md direct the agent to 'Use Grep to search for account names, metric patterns, and keywords'. If account names or other search terms are derived from untrusted input and passed directly to the Bash tool, it could lead to command injection if the agent does not properly escape the arguments.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 05:26 PM