enterprise-integration-testing
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its core function of ingesting and validating data from external enterprise systems like SAP, WMS, and middleware services.
- Ingestion points: Data is ingested through multiple external endpoints, including SAP RFC/BAPI calls (sapClient.call), OData services (odataClient.get), and middleware message flows (middlewareClient.sendIDoc).
- Boundary markers: The provided code templates do not include explicit delimiter-based boundary markers or instructions to ignore potential commands embedded within the data payloads (e.g., IDoc status messages or material descriptions).
- Capability inventory: The skill possesses high-impact capabilities, including the ability to trigger enterprise transactions such as creating sales orders (BAPI_SALESORDER_CREATEFROMDAT2) and purchase orders (BAPI_PO_CREATE1), and modifying master data.
- Sanitization: While the skill includes functional data validation (e.g., asserting status codes and field content), it lacks explicit sanitization or filtering logic designed to detect or neutralize natural language instructions hidden in external data fields.
Audit Metadata