smb-onboard
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Persistent Context Storage: The skill collects business information such as industry type, team size, and primary business challenges, then saves it to a persistent memory file. This shared context is designed to personalize the experience across different agent tasks, but users should be aware that stored data remains accessible to other skills in the environment.
- Indirect Prompt Injection Surface: There is a potential surface for indirect prompt injection because the skill stores untrusted user input that is later read by other skills. If a user provides malicious instructions within their business description or headache list, these could influence the behavior of downstream skills that process the stored context.
  - Ingestion points: Business details are gathered through a five-question interview process defined in SKILL.md and onboard-checklist.md.
  - Boundary markers: The information is stored using a markdown list format, which provides structure but does not include advanced delimiters to prevent malicious instructions from being interpreted by downstream tools.
  - Capability inventory: The skill has the capability to write to the persistent memory directory and call external tools (recipes) based on user input.
  - Sanitization: The instructions do not explicitly specify sanitization or validation of the user's responses before storage.
- Third-Party Integrations: The skill facilitates connections to business platforms like QuickBooks, HubSpot, and Gmail. These integrations use standard, user-authorized connectors to perform tasks like pulling cash-flow snapshots or summarizing unread emails.
Audit Metadata