plan-funnel
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were identified during the analysis of the skill's instructions, agent prompts, or support scripts.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute local TypeScript utility scripts (e.g.,
manifest-sync.ts,append-loop-result.ts) within the project environment. These scripts perform routine file operations like indexing markdown files and updating local TSV/JSON data stores. Security checks, such as symlink detection and path normalization, are present in the scripts to prevent path traversal. - [EXTERNAL_DOWNLOADS]: The
baseline-collector-agentuses WebSearch to gather public industry benchmarks for conversion rates and costs. This is a functional requirement to provide context when user data is missing and does not involve downloading executable content. - [PROMPT_INJECTION]: The skill uses 'Critical Gates' and 'Durable Rules' to enforce business logic and data quality (e.g., ensuring numeric baselines exist). These instructions are designed to prevent the AI from generating 'aspirational' or 'hallucinated' business targets and do not attempt to bypass platform safety filters.
- [DATA_EXFILTRATION]: The skill maintains a local 'Experience Layer' in
docs/forsvn/experience/to persist business context across sessions. The analysis found no evidence of sensitive data (like credentials or private SSH keys) being accessed or transmitted to external domains.
Audit Metadata