domain-analysis
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core workflow of ingesting and processing untrusted business data.
  - Ingestion points: The skill reads business context from external files in plans/, team-artifacts/, and docs/project-reference/, including 'Discovery interview notes' and 'Business evaluation reports' which may contain attacker-controlled content.
  - Boundary markers: The instructions lack specific requirements for the agent to use delimiters (like XML tags or triple-backticks) or 'ignore embedded instructions' warnings when processing these external artifacts.
  - Capability inventory: The skill has access to high-privilege tools including Bash, Write, Edit, and TaskCreate, which could be abused if an injected instruction is executed.
  - Sanitization: There are no verification or sanitization steps mentioned to filter out instructions that might be embedded within the business documentation being analyzed.
Audit Metadata