mna-advisor
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because its core functionality involves ingesting and acting upon untrusted external data.
- Ingestion points: In
references/capturing-updates.md, the skill defines a routine to log external messages (emails, DMs, DMs) into thethreads/directory and update the centraldeal-tracker.mdbased on this input. - Boundary markers: The instructions lack boundary markers or specific guidance to the agent to disregard instructions potentially embedded within the ingested communications.
- Capability inventory: The agent is granted extensive file-system capabilities to manage the deal repository, including creating new files, appending to logs, and performing global search-and-replace operations (using
grep) to maintain data consistency across the vault. - Sanitization: There is no requirement or routine provided for sanitizing or escaping the content of external communications before they are processed and stored in the primary tracking files.
Audit Metadata