Commercialsales
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface by processing data from external, untrusted customer sources. \n- Ingestion points: Customer portals (e.g., Covisint, SupplyOn), RFQ packages, and customer emails as detailed in
SKILL.mdandWorkflows/RfqProcess.md. \n- Boundary markers: Absent. The skill lacks delimiters or instructions to ignore commands potentially embedded in the external content. \n- Capability inventory: The skill usesreadandlstools to access related skills and documentation in~/.claude/skills/and a compliance document at~/projects/work/docs/compliance/IATF16949_Compliance_Plan.md. \n- Sanitization: Absent. There is no evidence of validation or sanitization of ingested customer data before it is used in summaries or workflows.
Audit Metadata