bond
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies an attack surface for indirect prompt injection via the ingestion of untrusted external data. Specifically, it reads qualitative feedback and NPS data from the 'Voice' skill and processes 'cancel reasons' provided by users in 'winback' and 'subscription-retention' flows. The instructions do not include boundary markers or explicit guidance for the agent to ignore embedded instructions in this data. This ingested content could influence the agent's behavior when it writes to the persistent project journal files ('.agents/bond.md' and '.agents/PROJECT.md').
Audit Metadata