customer-persona

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the infsh CLI tool via Bash to execute remote AI applications for market research (Tavily, Exa) and image generation (Fal.ai).
  • [EXTERNAL_DOWNLOADS]: The documentation suggests the installation of additional tools and skills from the inference-sh repository using the npx package runner.
  • [PROMPT_INJECTION]: The skill processes data from external search providers, creating a surface for indirect prompt injection if those sources contain malicious instructions.
      • Ingestion points: Market research data and competitive intelligence fetched via tavily/search-assistant and exa/search apps.
      • Boundary markers: No delimiters or boundary markers are defined to separate untrusted search results from the persona generation instructions.
      • Capability inventory: Subprocess execution is restricted to the infsh command for platform-specific tasks.
      • Sanitization: There is no evidence of sanitization or filtering of external content before it is interpolated into the persona creation workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 12:10 PM