smb-onboard

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Finding: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by collecting untrusted user input and persisting it in a shared session memory block. Because other skills read this data to personalize their behavior, a user who embeds instructions in their business profile could influence those skills.
  • Ingestion points: User responses to the onboarding questions about business sphere, size, and pain points in SKILL.md and reference/onboard-checklist.md.
  • Boundary markers: The information is stored under standard markdown headers (e.g., ## Контекст бизнеса, "Business context") and bullet points, but without explicit delimiters or instructions telling the agent to ignore embedded commands.
  • Capability inventory: The skill can write to 'Cowork session memory' and explicitly states that this context will be consumed by other skills.
  • Sanitization: The instructions include a manual approval gate: the agent must present the gathered information to the user for confirmation before saving it to memory.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 01:59 AM
Security Audit — agent-trust-hub — smb-onboard