biz-ops-setup
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from potentially untrusted external sources, including Teams chats, emails, and external file repositories. This creates an indirect prompt injection surface where instructions hidden in the data could influence agent behavior.
- Ingestion points: Data enters the system through workIQ queries, the
_inbox/folders, and external paths defined in_datasources/external-paths.md. - Boundary markers: The system uses structured templates and instructions (e.g., in
copilot-instructions.template.md) to categorize data, although it does not implement strict 'ignore' delimiters for all external content. - Capability inventory: Deployed agents have capabilities for file manipulation (
readFile,editFiles) and thegeneral-workeragent can execute terminal commands. - Sanitization: The skill relies on natural language parsing and pattern matching rather than formal sanitization of the input data.
- [COMMAND_EXECUTION]: The
general-workeragent template includes therun/terminaltool to perform administrative tasks like file management and simple data analysis. This is a high-privilege capability but is consistent with the intended use-case of managing a local business operations workspace. - [SAFE]: The included PowerShell scripts (
Initialize-BizOpsWorkspace.ps1,Deploy-BizOpsTemplates.ps1, andCheck-ExternalFolders.ps1) are used for local environment setup and synchronization. They perform standard filesystem operations without accessing sensitive system paths or making unauthorized network connections.
Audit Metadata