cohort-access-request
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted customer communications to facilitate account access modifications.\n
- Ingestion points: Customer input fields found in references/canonical.md and references/real-responses.md.\n
- Boundary markers: Customer inputs are delimited using triple backtick markdown blocks.\n
- Capability inventory: The agent is authorized to restore cohort access, resolve UI issues, and manage Discord role assignments.\n
- Sanitization: No explicit sanitization or filtering of customer input is defined within the skill.\n- [PROMPT_INJECTION]: The file references/real-responses.md contains a block of hidden characters (U+200C, U+200B, U+200D, U+200E, U+200F, U+FEFF) in the email header for example cnv_quxt29z. While typical for email marketing metadata, these characters represent an obfuscation vector.\n- [NO_CODE]: This skill consists entirely of markdown documentation and response templates with no executable scripts or binary files, which significantly limits the potential for remote code execution or privilege escalation.
Audit Metadata