Store Performance Narratives
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified through untrusted data processing.
  - Ingestion points: Untrusted data enters via sales_data, traffic_data, transaction_data, labor_data, and inventory_data as defined in SKILL.md.
  - Boundary markers: The skill instructions do not specify any delimiters, or any instruction to ignore embedded directives, that would isolate external data.
  - Capability inventory: No dangerous tools or actions (network, file-write, subprocess) are defined in the skill body or metadata.
  - Sanitization: The skill does not mention any data validation or cleaning to mitigate embedded instructions.
  - Mitigation: Implement strict schema validation for CSV/JSON inputs and use XML-style tags to wrap data in prompts to prevent the agent from misinterpreting data as instructions.
Audit Metadata