ai-startup-advisor
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user-provided ideas and external data from WebSearch/WebFetch tools without boundary markers or input sanitization, while having access to high-privilege tools.
- Ingestion points: Startup idea descriptions in SKILL.md and web content retrieved via WebFetch/WebSearch.
- Boundary markers: No delimiters or isolation instructions are present to distinguish user data from the core strategic logic.
- Capability inventory: Includes Bash, Write, and Edit tool permissions which could be exploited if an injection occurs.
- Sanitization: No sanitization or filtering of external input is performed before processing.
Audit Metadata