supplier-payment-review
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted payment data (supplier names, accounts, amounts) which serves as a potential vector for indirect prompt injection.
  - Ingestion points: Data provided by the user in the payment request and supplier master data/history retrieved from the [ERP] system.
  - Boundary markers: Absent. The instructions do not define delimiters (e.g., XML tags or triple quotes) to isolate data from the agent's instructions.
  - Capability inventory: The skill instructs the agent to query an external ERP system and evaluate results, though no specific shell commands or code execution tools are defined in the frontmatter.
  - Sanitization: Absent. There is no requirement to validate or escape external data before it is incorporated into the audit reasoning.
- [PROMPT_INJECTION]: The skill attempts to read a scenario-level configuration file at ../../CLAUDE.md. This directory traversal pattern accesses context outside of the skill's specific package, which could be exploited if an attacker can manipulate the path or the contents of the target file.
Audit Metadata