auto-decision-framework
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE (PROMPT_INJECTION, NO_CODE)
Full Analysis
- [PROMPT_INJECTION]: The skill instructions direct the agent to "auto-decide silently" for decisions categorized as "Mechanical." This creates a pattern of reduced user oversight where certain agent actions or choices are suppressed from the user's immediate view. This is mitigated by the skill's requirement to maintain a "Full audit trail" and an "Approval Gate" for more subjective decisions.
- [PROMPT_INJECTION]: The framework is susceptible to indirect prompt injection (Category 8) because it processes untrusted planning data (e.g., PRDs, blueprints, refactor-plans) to drive its automated decisions.
  - Ingestion points: Planning workflows, PRD documents, and architecture blueprints provided by the user or external files.
  - Boundary markers: The skill lacks explicit instructions to use delimiters or ignore embedded instructions within the processed data.
  - Capability inventory: The skill itself does not invoke tools, but it determines the logic and scope of plans that are subsequently executed by other agent capabilities.
  - Sanitization: No sanitization or validation of external planning content is specified before the agent uses it to make autonomous decisions.
- [NO_CODE]: The skill is a pure-prompt framework and does not contain any executable scripts, binary files, or external package dependencies.