customer-service-kb-gap-analysis
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits user-provided parameters, including ticket samples, product context, and knowledge base details, to the vendor's API endpoint at
https://ai-skills.ai/api/execute. - Evidence:
scripts/run.pyline 105:request_json("POST", EXECUTE_PATH, {"skillId": SKILL_ID, "params": params}). - [PROMPT_INJECTION]: The skill processes potentially untrusted content from external sources (e.g., customer tickets), creating an attack surface for indirect prompt injection where malicious instructions could be embedded in the data.
- Ingestion points: The
ticketSamplesandticketSamplesFilefields defined inreferences/form-schema.jsonallow users to input arbitrary text or upload files (docx, pdf, csv, etc.). - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing logic or the agent instructions.
- Capability inventory: The
scripts/run.pyscript performs network requests to the vendor's API via theurllib.requestlibrary. - Sanitization: No input validation, escaping, or filtering is performed on the data before it is sent to the backend service for processing.
Audit Metadata