mna-advisor

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because its core functionality involves ingesting and acting upon untrusted external data.
  • Ingestion points: In references/capturing-updates.md, the skill defines a routine to log external messages (emails, DMs, DMs) into the threads/ directory and update the central deal-tracker.md based on this input.
  • Boundary markers: The instructions lack boundary markers or specific guidance to the agent to disregard instructions potentially embedded within the ingested communications.
  • Capability inventory: The agent is granted extensive file-system capabilities to manage the deal repository, including creating new files, appending to logs, and performing global search-and-replace operations (using grep) to maintain data consistency across the vault.
  • Sanitization: There is no requirement or routine provided for sanitizing or escaping the content of external communications before they are processed and stored in the primary tracking files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 02:41 PM