afrexai-business-automation

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to ingest untrusted external data (e.g., lead processing, invoicing, support escalation) and provides the agent with high-privilege capabilities including 'implement using agent tools — cron jobs, APIs, scripts'.
      • Ingestion Points: Processing of 'inbound leads', 'invoice processing', and 'support escalation' data.
      • Boundary Markers: None identified in the provided documentation or templates.
      • Capability Inventory: Command execution via scripts and persistence via cron jobs.
      • Sanitization: No evidence of sanitization or validation of the business data before it influences script generation or API calls.
  • Command Execution & Persistence (MEDIUM): The skill explicitly encourages the agent to create and run 'scripts' and 'cron jobs'. This facilitates the execution of arbitrary code and the establishment of persistence on the host system without explicit safety constraints provided in the skill body.
  • External References (LOW): The README references external, unverified 'Context Packs' and other skills from the 'AfrexAI' brand. While currently limited to marketing, these external dependencies increase the supply chain risk for users installing the suite of tools.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 10:34 AM