ticket-deflector
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from customer emails and messages, which is an inherent surface for indirect prompt injection.
  - Ingestion points: Customer text from email or messenger tools is ingested for analysis in the first step of the workflow.
  - Boundary markers: No explicit delimiters or boundary markers for untrusted input are specified in the prompt instructions.
  - Capability inventory: The skill has access to tools for issuing refunds (~~payments), sending messages (~~mail), and updating CRM records (~~crm).
  - Sanitization: No specific input sanitization or validation logic is implemented.
  - Risk Mitigation: The threat of indirect prompt injection is effectively neutralized by the skill's mandatory 'Approval gates.' The agent is strictly instructed never to send a response or issue a refund without explicit, manual confirmation from the user (owner), ensuring that any malicious instructions in customer data would be intercepted by human review.
- [COMMAND_EXECUTION]: The skill utilizes external tools (modeled as ~~payments, ~~crm, ~~mail) to perform business logic. These interactions are legitimate for the skill's stated purpose and are gated by human verification steps.
Audit Metadata