israeli-customer-support-automator

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it is designed to ingest and process untrusted text data (Hebrew support tickets) from external users.\n
  • Ingestion points: Untrusted ticket data enters the system through the --text and --file arguments of the scripts/ticket-classifier.py script as described in SKILL.md (Step 1).\n
  • Boundary markers: The instructions do not recommend the use of delimiters (e.g., XML tags or triple backticks) or specific safety prompts to help the agent distinguish between its own instructions and the potentially malicious content of a support ticket.\n
  • Capability inventory: The skill has access to the Bash tool to run its Python scripts. This creates a potential command injection vector if the agent interpolates raw user input into the shell command without adequate escaping.\n
  • Sanitization: Neither the instructions nor the ticket-classifier.py script implement validation or sanitization of the input text to prevent shell metacharacters or embedded instructions from affecting execution.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 09:15 PM
Security Audit — agent-trust-hub — israeli-customer-support-automator