owner-meeting
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by persisting user-provided dialogue into local documentation files that are subsequently used as agent context. If a user provides malicious instructions disguised as project requirements or meeting notes, these can influence the agent's behavior in later turns when the documentation is read back.
- Ingestion points: Untrusted user input and dialogue during 'owner-meeting' sessions, as described in
SKILL.mdand processed into files in the.boss/directory. - Boundary markers: The skill requires the agent to provide a verbal summary and obtain explicit user confirmation ('要不要先记一下?') before writing data to disk.
- Capability inventory: File system read/write access to manage the
.boss/directory structure, includingrequirements/,architecture/, andmeetings/. - Sanitization: No programmatic sanitization is defined; the skill relies on the AI agent's summarization process to filter and structure the data before storage.
Audit Metadata