Voice of Customer Summarizer

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data from product reviews, social media mentions, and community posts, which represents a surface for indirect prompt injection. Malicious instructions hidden in feedback could attempt to manipulate the agent's summary or behavior.
    • Ingestion points: SKILL.md identifies several untrusted data inputs: survey_verbatims, product_reviews, social_mentions, support_transcripts, and community_posts.
    • Boundary markers: The instructions do not define explicit delimiters or 'ignore' commands to isolate untrusted data from the agent's processing instructions.
    • Capability inventory: The skill files contain no executable code, subprocess calls, or network operations, which significantly mitigates the risk of an injection escalating into a system-level compromise.
    • Sanitization: The methodology in SKILL.md includes 'Text Cleaning' (stripping HTML and URLs) and 'PII Removal', which provide a basic layer of defense against certain injection payloads.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 12:37 AM