chief-customer-officer-advisor
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Its analysis scripts ingest external JSON files (e.g., customers.json, cohorts.json) and output the contents for the agent to use in its advisory tasks. Maliciously crafted fields like customer names could contain instructions designed to deceive the agent.
  - Ingestion points: Data enters the agent's context through script outputs in scripts/retention_decomposition_analyzer.py, scripts/customer_segmentation_designer.py, and scripts/cs_coverage_calculator.py.
  - Boundary markers: Absent. The skill does not instruct the agent to distinguish between its own logic and data-driven output from the scripts.
  - Capability inventory: The provided Python scripts perform logic and math operations without network access, file writes, or shell execution. Risk is limited to the agent's interpretation of script results.
  - Sanitization: Absent. Input strings from JSON files are printed directly to the output without filtering or escaping.
Audit Metadata