aa-segment-performance-comparator
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
opencommand to launch a locally generated HTML report from the/tmpdirectory. This is consistent with the skill's primary purpose of providing visual analytics to the user. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting data from Adobe Analytics and interpolating it into an HTML template.
- Ingestion points: External data is retrieved via the
runReport,findSegments, andfindMetricsAdobe Analytics tools. - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions for the data interpolated into the HTML.
- Capability inventory: The skill possesses shell execution capabilities through the
opencommand used in the final phase. - Sanitization: There is no explicit requirement in the instructions to sanitize or escape data (such as segment names or metric values) before it is populated into the
{PLACEHOLDER}tokens in the HTML template.
Audit Metadata