discovery-debrief
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface through its core workflow of extracting structured data from 'free-form' user input (founder's story). In Step 1, the agent is instructed to ingest this untrusted data without the use of explicit boundary markers or sanitization procedures. This untrusted content is then used to influence internal assessments and is saved to project files (e.g., memory/YYYY-MM-DD.md, memory/hypotheses.json), creating a path where maliciously formatted user input could potentially alter the agent's logic or corrupt stored project data.
Audit Metadata