product-conjoint-analysis
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's workflow for analyzing customer reviews from external sources creates a surface for indirect prompt injection attacks.
  - Ingestion points: In references/review_mining.md, the skill instructs the agent to collect reviews from platforms like Amazon, Yelp, and Reddit to extract demand-side themes.
  - Boundary markers: The suggested LLM prompt template in references/review_mining.md (Step 3A) interpolates the untrusted review content directly into the prompt without using robust delimiters (e.g., XML tags) or instructions to ignore embedded commands.
  - Capability inventory: While the included Python scripts in the scripts/ directory (build_stacked_data.py, fit_logistic_conjoint.py, compute_insights.py) are benign, a successful injection from a malicious review could attempt to influence the agent's behavior if it has broader capabilities in its environment.
  - Sanitization: The skill lacks a step to sanitize or filter the review text for malicious instructions before it is processed by an LLM for theme extraction.