positioning-workshop

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through several untrusted data ingestion points. It explicitly instructs the agent to read user-provided URLs/files and perform web searches to analyze competitor websites. Malicious content on these external pages or inside user-provided files could contain instructions designed to manipulate the agent's behavior during the workshop.
  • Ingestion points: Phase 1 (reading user-provided file paths or URLs), Phase 2 (web search results from parallel research agents), and Phase 5 (team replies pasted by the user).
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when processing this external data.
  • Capability inventory: The skill uses web search tools and text synthesis capabilities. While it does not appear to have direct file-write or subprocess execution capabilities, an attacker could influence the strategic output or potentially extract previous workshop context.
  • Sanitization: No explicit sanitization or validation of the external content is mentioned before it is processed by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill's metadata identifies its origin as an external GitHub repository ('github.com/Gerstep/positioning-plugin'). While the skill content itself is primarily instructional markdown, the source originates from a third-party repository not included in the primary trusted vendor list.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 04:54 AM
Security Audit — agent-trust-hub — positioning-workshop