capa-officer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection. The skill is designed to ingest and analyze untrusted data from external sources such as 'Trigger event documentation', 'Quality Issues', and 'Safety Issues' (defined in SKILL.md). This data directly influences 'Root Cause Identification' and 'Corrective Action Planning'. An adversary could embed malicious instructions in a quality complaint to manipulate the investigation's logic or the content of management reports. Mandatory Evidence Chain: 1. Ingestion points: CAPA Initiation and Data collection sections. 2. Boundary markers: Absent. 3. Capability inventory: High-impact decision making and coordination via scripts like 'capa-tracker.py'. 4. Sanitization: Absent.
- [NO_CODE] (INFO): The skill references several executable files in the 'scripts/' directory, including 'capa-tracker.py' and 'trend-analysis-automation.py', which were not included in the provided analysis package. This limits the audit to the instruction definitions and prevents verification of the underlying execution logic.
Recommendations
- AI detected serious security threats
Audit Metadata