customer-service-kb-gap-analysis

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill transmits user-provided parameters, including ticket samples, product context, and knowledge base details, to the vendor's API endpoint at https://ai-skills.ai/api/execute.
  • Evidence: scripts/run.py line 105: request_json("POST", EXECUTE_PATH, {"skillId": SKILL_ID, "params": params}).
  • [PROMPT_INJECTION]: The skill processes potentially untrusted content from external sources (e.g., customer tickets), creating an attack surface for indirect prompt injection where malicious instructions could be embedded in the data.
  • Ingestion points: The ticketSamples and ticketSamplesFile fields defined in references/form-schema.json allow users to input arbitrary text or upload files (docx, pdf, csv, etc.).
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing logic or the agent instructions.
  • Capability inventory: The scripts/run.py script performs network requests to the vendor's API via the urllib.request library.
  • Sanitization: No input validation, escaping, or filtering is performed on the data before it is sent to the backend service for processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — customer-service-kb-gap-analysis