positioning-workshop
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through several untrusted data ingestion points. It explicitly instructs the agent to read user-provided URLs/files and perform web searches to analyze competitor websites. Malicious content on these external pages or inside user-provided files could contain instructions designed to manipulate the agent's behavior during the workshop.
  - Ingestion points: Phase 1 (reading user-provided file paths or URLs), Phase 2 (web search results from parallel research agents), and Phase 5 (team replies pasted by the user).
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when processing this external data.
  - Capability inventory: The skill uses web search tools and text synthesis capabilities. While it does not appear to have direct file-write or subprocess execution capabilities, an attacker could influence the strategic output or potentially extract previous workshop context.
  - Sanitization: No explicit sanitization or validation of the external content is mentioned before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill's metadata identifies its origin as an external GitHub repository ('github.com/Gerstep/positioning-plugin'). While the skill content itself is primarily instructional markdown, it comes from a third-party repository that is not included in the primary trusted vendor list.