payment-authorization-review
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by retrieving untrusted text from corporate databases ([OA], [ERP]) during the payment verification process. Malicious actors could embed overrides in fields like 'Payment Use' or 'Supplier Name' to influence the agent's risk assessment.
- Ingestion points: Payment application details in Step 1 and business background descriptions in Step 3 of SKILL.md.
- Boundary markers: The skill uses structured templates for output but does not include explicit instructions to ignore potential commands embedded within the variable data fields.
- Capability inventory: The skill performs risk evaluation and authorization decisions (Step 5) based on the ingested data.
- Sanitization: There is no evidence of string validation or sanitization for the data retrieved from external systems.
Audit Metadata