Customer Support Command Center
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to process external, untrusted customer content (emails, ticket descriptions) and perform actions based on that content.
  - Ingestion points: Processes customer emails and ticketing system data.
  - Boundary markers: None specified; the README does not mention the use of delimiters or instructions for the agent to ignore embedded commands in support tickets.
  - Capability inventory: Automated response drafting ('HEARD-method response'), ticket routing, SLA timer management, and knowledge base modification. These are 'write' and 'decision' capabilities with side effects.
  - Sanitization: No evidence of sanitization or filtering of external input before it is interpreted by the agent.
- Metadata Poisoning (MEDIUM): There is a discrepancy between the branding in the README ('AfrexAI') and the owner listed in the metadata ('1kalin'). This could indicate an attempt to misrepresent the origin or trustworthiness of the skill.
- External Downloads (MEDIUM): The installation instructions utilize 'clawhub', an external registry. Without verified source code for the underlying logic, the actual behavior of the installation scripts cannot be audited.
- Data Exposure (LOW): While this specific skill handles support data, the README links to a related skill ('afrexai-email-to-calendar') that explicitly requests access to extract data from a user's inbox, indicating a developer pattern of requesting high-privilege data access.
Recommendations
- AI detected serious security threats