insurance-underwriting-follow-up-outreach

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface detected.
  • Ingestion points: Customer feedback obtained from phone call transcripts and message replies (SKILL.md, Step 4).
  • Boundary markers: The instructions lack delimiters or explicit warnings for the agent to ignore instructions embedded within the customer feedback.
  • Capability inventory: The skill has access to sensitive tools including call-service.make_call for dialing numbers, msg-service.send_message for sending SMS/WeChat messages, and crm-system.get_customer_info for querying customer data.
  • Sanitization: No validation or sanitization mechanisms are defined to handle potentially malicious input from the customer feedback channel.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 08:40 PM
Security Audit — agent-trust-hub — insurance-underwriting-follow-up-outreach