customer-persona

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using the infsh CLI via the Bash tool. This execution is scoped to the infsh command set within the skill's environment configuration.
  • [EXTERNAL_DOWNLOADS]: The skill references installation instructions and additional functionality modules hosted in the inference-sh GitHub repository. It also documents the use of the npx skills add command to fetch sub-skills from the same vendor.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external search providers (Tavily and Exa) to generate persona profiles.
      ◦ Ingestion points: Web search results and answers retrieved via tavily/search-assistant, exa/search, and exa/answer (SKILL.md).
      ◦ Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the retrieved search data.
      ◦ Capability inventory: The agent has the ability to execute shell commands via Bash(infsh *) across the skill workflow (SKILL.md).
      ◦ Sanitization: No evidence of sanitization, filtering, or validation of the ingested search content before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 23, 2026, 06:43 AM
Security Audit — agent-trust-hub — customer-persona