decision-mapping
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by design.
- Ingestion points: It reads an external markdown file (the 'decision map') from the project directory during the 'Resume' flow.
- Boundary markers: The instructions explicitly state to 'Load the whole map as context' without defining delimiters or instructions to ignore potential commands embedded within that content.
- Capability inventory: Based on the context loaded from the map, the skill is authorized to invoke further skills such as /prototype (which generates/executes code), /grilling, and /domain-modelling.
- Sanitization: There is no mention of sanitization, validation, or escaping of the content retrieved from the markdown file before it is processed by the agent.
Audit Metadata