advisor-strategy
Pass
Audited by Gen Agent Trust Hub on Jul 8, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses a template to generate a 'Brief' for a sub-agent (Advisor) which incorporates user-provided text. While this creates an indirect prompt injection surface, it is mitigated by internal constraints.
- Ingestion points: The
{원문 그대로 적기}(User Request) placeholder inSKILL.md(Step 1) ingests untrusted user input directly into the advisor's prompt. - Boundary markers: The template uses Markdown headers (e.g.,
## 과제) to organize the context but lacks robust delimiters (like triple backticks or XML tags) to isolate user-provided strings from system instructions. - Capability inventory: The skill explicitly instructs the Advisor sub-agent to 'Only return advice' and 'Do not modify files or create artifacts,' which significantly restricts the potential impact of any injected instructions.
- Sanitization: There is no evidence of explicit sanitization or escaping of the user-provided text before it is interpolated into the Brief.
- [SAFE]: The skill includes a 'Pairing Guard' in Step 0 that ensures the consulting Advisor model is of an equal or higher tier than the executor agent, preventing degradation of logic during review.
- [SAFE]: The skill specifies that the Advisor should only be used in a read-only capacity ('증거 경로를 read-only로 직접 열어 검증'), protecting against unauthorized file system modifications during the consultation process.
Audit Metadata