client-care-script

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill integrates with external MCP (Model Context Protocol) data services via 'dashscope.aliyuncs.com'. These are official vendor-owned services from Aliyun used to retrieve financial data such as fund performance and market indices.
  • [DATA_EXFILTRATION]: The skill processes sensitive customer information, including names, risk levels, and financial holdings. This data is used locally within the agent's context to generate personalized scripts and is not transmitted to unauthorized third-party domains.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from customer profiles (e.g., customer status or recent emotions). However, the skill's capabilities are limited to text generation within a fixed template, posing no significant risk of code execution or unauthorized actions based on the input data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 06:40 AM
Security Audit — agent-trust-hub — client-care-script