ai-consultant
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill framework establishes an attack surface for indirect prompt injection by design, as it relies on the ingestion of untrusted data from external sources to generate consulting deliverables.
  - Ingestion points: Untrusted data enters the agent context through web searches performed in Phase 1 (Pre-Engagement Research) and stakeholder interview notes collected in Phase 3 (Stakeholder Discovery) as described in SKILL.md.
  - Boundary markers: Absent. The templates provided in references/deliverable-templates.md do not include delimiters or specific instructions for the agent to disregard potential instructions embedded within the gathered research or interview notes.
  - Capability inventory: The skill utilizes web_search and file system write operations to generate documents such as company-briefing.md, discovery-report.md, and project proposals.
  - Sanitization: Absent. The skill instructions do not include steps to validate, filter, or sanitize content from external sources before it is interpolated into the final deliverables.
Audit Metadata