customer-support
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, NO_CODE
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8). It is designed to process external customer data (chat, email, social media) while having decision-making and write capabilities.
  - Ingestion points: Customer support messages, social media posts, and CRM records.
  - Boundary markers: There are no markers or instructions to delimit untrusted input from system instructions.
  - Capability inventory: Automated ticket routing, order management, refund processing, and CRM updates.
  - Sanitization: No sanitization or validation of customer inputs is specified.
- NO_CODE (LOW): The skill consists only of instructions and metadata with no executable scripts or external package dependencies provided.
Recommendations
- AI detected serious security threats