advisor-strategy

Pass

Audited by Gen Agent Trust Hub on Jul 8, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill uses a template to generate a 'Brief' for a sub-agent (Advisor) which incorporates user-provided text. While this creates an indirect prompt injection surface, it is mitigated by internal constraints.
  • Ingestion points: The {원문 그대로 적기} (User Request) placeholder in SKILL.md (Step 1) ingests untrusted user input directly into the advisor's prompt.
  • Boundary markers: The template uses Markdown headers (e.g., ## 과제) to organize the context but lacks robust delimiters (like triple backticks or XML tags) to isolate user-provided strings from system instructions.
  • Capability inventory: The skill explicitly instructs the Advisor sub-agent to 'Only return advice' and 'Do not modify files or create artifacts,' which significantly restricts the potential impact of any injected instructions.
  • Sanitization: There is no evidence of explicit sanitization or escaping of the user-provided text before it is interpolated into the Brief.
  • [SAFE]: The skill includes a 'Pairing Guard' in Step 0 that ensures the consulting Advisor model is of an equal or higher tier than the executor agent, preventing degradation of logic during review.
  • [SAFE]: The skill specifies that the Advisor should only be used in a read-only capacity ('증거 경로를 read-only로 직접 열어 검증'), protecting against unauthorized file system modifications during the consultation process.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 8, 2026, 02:30 AM
Security Audit — agent-trust-hub — advisor-strategy