sumsub-analyze-regulation
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its ingestion of untrusted data from user-provided documents.
  - Ingestion points: Regulatory documents (PDF or text) are read into the agent context using the Read tool.
  - Boundary markers: The skill instructions do not specify any delimiters or safety warnings to prevent the agent from following malicious instructions potentially hidden within analyzed documents.
  - Capability inventory: The skill generates configuration plans that guide the subsequent use of multiple creation tools (e.g., sumsub-create-level, sumsub-create-questionnaire), establishing a chain of influence from the document to the system configuration.
  - Sanitization: There is no mention of sanitizing or filtering the text extracted from documents before it is processed by the agent.