amz-chargeback-defense
Pass
Audited by Gen Agent Trust Hub on May 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data which could contain malicious instructions designed to influence the agent's output.
- Ingestion points: The skill explicitly instructs the agent to collect and process 'the claim text Amazon sent' and 'any messaging with the buyer' in SKILL.md.
- Boundary markers: There are no explicit delimiters or instructions for the agent to ignore potentially malicious embedded commands within the processed text.
- Capability inventory: The skill has no declared tools, subprocess capabilities, or network operations, limiting the potential impact of an injection to the content of the generated narrative.
- Sanitization: No sanitization or validation steps are defined for the input data.
Audit Metadata