collection-automation
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability surface because it processes untrusted data from an external ERP system and uses it to drive automated communication actions.
- Ingestion points: Data is fetched from an ERP system (e.g., customer names, payment history, and overdue details) and used as context for generating messages.
- Boundary markers: The skill lacks explicit delimiters or instructions to the agent to ignore potentially malicious instructions embedded within the ERP data fields.
- Capability inventory: The logic permits the system to send automated SMS, emails, and official collection letters based on the processed data.
- Sanitization: There are no mentioned mechanisms for sanitizing, escaping, or validating external data before it is interpolated into communication templates.
Audit Metadata