ticket-deflector

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • Human-in-the-Loop Verification: The skill implements explicit 'Approval Gates' for critical operations. Specifically, Workflow Step 5 requires the owner to review and approve email drafts, and Step 6 requires a separate 'Y' confirmation before a PayPal refund is issued. This design pattern significantly reduces the risk of unintended actions resulting from processed data.
  • Untrusted Data Ingestion: As described in Step 1 of the Workflow in SKILL.md, the skill ingests content from customer emails and forwarded threads. Because this external data is used to inform the agent's drafting and decision-making process, it represents a potential surface for indirect prompt injection. A malicious email could attempt to include instructions meant to override agent behavior. However, the presence of manual approval steps for both communication and financial transactions serves as a primary mitigation against such attempts.
  • Data Access and Privacy: The skill accesses financial history (PayPal) and customer records (HubSpot). This access is central to the skill's stated purpose of ticket deflection. The skill includes instructions to use specific transaction IDs and narrow search windows to minimize unnecessary data retrieval and avoid rate-limiting issues.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 05:32 PM