business-plan
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill's behavior is consistent with its stated purpose of providing professional business strategy frameworks.
- [PROMPT_INJECTION]: The skill description contains assertive steering instructions (e.g., "ALWAYS use this skill", "When in doubt... USE IT") designed to ensure the agent utilizes the specialized business frameworks provided. This is assessed as functional instruction for the agent rather than a malicious attempt to bypass safety constraints.
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by instructing the agent to analyze user-provided documents and data.
- Ingestion points: User-provided business plans, financials, or data files mentioned in the Step 2 context gathering process in
SKILL.md. - Boundary markers: None explicitly defined in the prompt instructions to separate user-provided content from the agent's instructions.
- Capability inventory: The skill requests
filesystemRead,filesystemWrite, andnetworkcapabilities inskill.jsonto support its analysis and output generation workflows. - Sanitization: No explicit sanitization, validation, or instructions to ignore embedded commands within user-provided data are defined.
Audit Metadata