submit-credit-application
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's workflow (Step 0) involves executing a local Python script (
scripts/validate_application.py) to verify the completeness of materials and check for active case conflicts. This represents standard functional command execution of logic provided within the skill package. - [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external data (Category 8c), which introduces an indirect prompt injection surface.
- Ingestion points: Customer notes and material contents are retrieved via
system_apiand analyzed in Step 2 and Step 3 of theSKILL.mdworkflow. - Boundary markers: The instructions do not define specific delimiters to isolate external document content from agent instructions.
- Capability inventory: The skill has the capability to execute local scripts and initiate case creation in financial systems via internal APIs.
- Sanitization: No evidence of input filtering, escaping, or validation of the text content within external notes or materials is presented.
Audit Metadata