submit-credit-application

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's workflow (Step 0) involves executing a local Python script (scripts/validate_application.py) to verify the completeness of materials and check for active case conflicts. This represents standard functional command execution of logic provided within the skill package.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external data (Category 8c), which introduces an indirect prompt injection surface.
  • Ingestion points: Customer notes and material contents are retrieved via system_api and analyzed in Step 2 and Step 3 of the SKILL.md workflow.
  • Boundary markers: The instructions do not define specific delimiters to isolate external document content from agent instructions.
  • Capability inventory: The skill has the capability to execute local scripts and initiate case creation in financial systems via internal APIs.
  • Sanitization: No evidence of input filtering, escaping, or validation of the text content within external notes or materials is presented.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 06:40 AM
Security Audit — agent-trust-hub — submit-credit-application