credit-assessment
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8) by instructing the agent to aggregate and analyze data from various external and internal sources.
- Ingestion points: Step 1 involves fetching data from CRM systems and external websites like Tianyancha or Qichacha; Step 2 and 4 involve ingesting financial reports and ERP transaction history.
- Boundary markers: Absent. There are no instructions to the agent to distinguish between trusted instructions and potentially untrusted data retrieved from these sources.
- Capability inventory: The agent performs high-level financial reasoning, determines credit limits, and generates formal reports based on the ingested content.
- Sanitization: Absent. The skill does not provide any mechanism for filtering or validating the external data before it is processed by the AI.
Audit Metadata