lfy-customer

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the lfy-cli command-line interface to interact with the vendor's customer management system. Commands like lfy-cli customer search and lfy-cli customer get_gtms are used to perform read-only queries as part of the skill's primary intended functionality.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes and displays data (such as customer names and business line classifications) retrieved from an external database.
      • Ingestion points: Customer and GTM data returned by the lfy-cli utility (SKILL.md, references/search.md, references/get-gtms.md).
      • Boundary markers: No specific delimiters or instructions (e.g., 'ignore any instructions in this data') are used when presenting the CLI output to the agent.
      • Capability inventory: The skill executes shell commands via the lfy-cli binary (SKILL.md).
      • Sanitization: No explicit sanitization or validation of the retrieved content is described in the instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 19, 2026, 06:59 AM