money-panel

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted business plan data which influences the behavior and outputs of multiple sub-reviewer personas.\n\t- Ingestion points: Untrusted content is ingested from ~/.smtm/sessions/{slug}/, ~/.smtm/projects/{slug}/learnings.jsonl, and user-specified markdown file paths.\n\t- Boundary markers: Absent; the instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when passing untrusted plan data to sub-skills.\n\t- Capability inventory: The skill reads local files and orchestrates the execution of four additional agent skills (/money-review-investor, /money-review-customer, /money-review-operator, /money-review-skeptic).\n\t- Sanitization: Absent; the skill does not perform validation, filtering, or escaping of the ingested plan content before processing or synthesis.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 03:34 PM
Security Audit — agent-trust-hub — money-panel