money-panel
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted business plan data which influences the behavior and outputs of multiple sub-reviewer personas.\n\t- Ingestion points: Untrusted content is ingested from
~/.smtm/sessions/{slug}/,~/.smtm/projects/{slug}/learnings.jsonl, and user-specified markdown file paths.\n\t- Boundary markers: Absent; the instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when passing untrusted plan data to sub-skills.\n\t- Capability inventory: The skill reads local files and orchestrates the execution of four additional agent skills (/money-review-investor,/money-review-customer,/money-review-operator,/money-review-skeptic).\n\t- Sanitization: Absent; the skill does not perform validation, filtering, or escaping of the ingested plan content before processing or synthesis.
Audit Metadata