three-horizons
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill's functionality is limited to reasoning and documentation.
- [NO_CODE]: The skill consists entirely of markdown and JSON metadata; no executable scripts (Python, Node.js) are included.
- [EXTERNAL_DOWNLOADS]: The skill references several external URLs for framework grounding, such as McKinsey, HBR, and BCG. These are well-known professional organizations, and the references are informational rather than executable.
- [PROMPT_INJECTION]: The skill processes untrusted user-supplied data in the form of business initiative lists for classification.
- Ingestion points: Initiative mapping workflow in SKILL.md.
- Boundary markers: None identified in the prompt templates.
- Capability inventory: Access to Read, Grep, WebSearch, and WebFetch tools.
- Sanitization: No explicit sanitization or input validation for initiative data is provided.
Audit Metadata