mckinsey-7s

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized command execution were detected. The skill is primarily instructional and contains no executable code or scripts.
  • [EXTERNAL_DOWNLOADS]: The skill references documentation and original research from McKinsey & Company and ScienceDirect. These are recognized, authoritative sources for business strategy frameworks and do not present a security risk.
  • [PROMPT_INJECTION]: The skill functions by ingesting and analyzing untrusted organizational data, creating an indirect prompt injection surface.
  • Ingestion points: Workflow sections in SKILL.md where the agent is prompted to collect strategy memos, org charts, and descriptions of leadership behavior.
  • Boundary markers: No specific delimiters are mandated for the external data.
  • Capability inventory: The skill utilizes Read, Grep, WebSearch, and WebFetch tools as specified in the frontmatter configuration.
  • Sanitization: No technical sanitization of ingested content is specified; however, the skill provides clear operational instructions to exclude sensitive personal and business data from analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 04:35 AM
Security Audit — agent-trust-hub — mckinsey-7s