the-sit-down
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to bypass user confirmation and interaction loops during phase transitions.
- Evidence: In Step 5, the instructions command the agent to "Immediately invoke gangsta:resource-development — do NOT ask the Don what to do next, do NOT pause, do NOT prompt for confirmation. Auto-advance is mandatory." This prevents the user from reviewing the generated contract or intervening before the next automated skill execution occurs.
- [PROMPT_INJECTION]: Potential for indirect prompt injection through the processing of untrusted external data.
- Ingestion points: Step 1 requires the agent to gather intelligence from files such as the
Reconnaissance Dossier,Grilling Consensus,Project Constitution, andLedger Entries. - Boundary markers: Absent. The instructions do not define delimiters or provide guidance to the agent to disregard instructions embedded within these external documents.
- Capability inventory: The skill writes binding specification files to the local file system (
docs/gangsta/...) and invokes external skill dependencies (gangsta:the-consigliereandgangsta:resource-development). - Sanitization: Absent. There are no requirements to sanitize, escape, or validate content derived from external intelligence before it is incorporated into the formal project specification.
Audit Metadata