israeli-client-payment-chaser
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources (invoices) and processes it with powerful capabilities.\n
- Ingestion points: In SKILL.md and SKILL_HE.md (Step 1), the agent is instructed to import invoice data from external files or manual input.\n
- Boundary markers: The instructions do not define delimiters or provide warnings to the agent to ignore any embedded instructions within the processed invoice data.\n
- Capability inventory: The agent has access to Bash(python:*) for arbitrary command execution and WebFetch for network requests.\n
- Sanitization: There is no requirement for the agent to sanitize or validate the imported data before using it to generate reports or communications.
Audit Metadata