ap-master
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill facilitates a sensitive financial process by ingesting data from external sources and configuration files without explicit safeguards.
- Ingestion points: Data retrieved from [ERP] and [CASH] systems in Step 1 and Step 2, and the `../../CLAUDE.md` configuration file.
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat external data as untrusted or to ignore instructions embedded within the data.
- Capability inventory: The skill orchestrates high-impact actions including triple-matching, payment scheduling, and the generation of batch payment instructions for bank-enterprise direct connections.
- Sanitization: No validation, escaping, or sanitization logic is present to handle potentially malicious input from the source systems.
Audit Metadata