owner-meeting

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by persisting user-provided dialogue into local documentation files that are subsequently used as agent context. If a user provides malicious instructions disguised as project requirements or meeting notes, these can influence the agent's behavior in later turns when the documentation is read back.
  • Ingestion points: Untrusted user input and dialogue during 'owner-meeting' sessions, as described in SKILL.md and processed into files in the .boss/ directory.
  • Boundary markers: The skill requires the agent to provide a verbal summary and obtain explicit user confirmation ('要不要先记一下?') before writing data to disk.
  • Capability inventory: File system read/write access to manage the .boss/ directory structure, including requirements/, architecture/, and meetings/.
  • Sanitization: No programmatic sanitization is defined; the skill relies on the AI agent's summarization process to filter and structure the data before storage.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 01:59 AM
Security Audit — agent-trust-hub — owner-meeting