decision-mapping
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes an external Markdown file (the 'decision map') and loads its entire content into the agent's context during the 'Resume' phase. This creates a surface for indirect prompt injection where malicious instructions embedded in a project's map file could influence the agent's behavior.
  - Ingestion points: The skill loads the whole map file as context in the Resume workflow described in SKILL.md.
  - Boundary markers: Absent. The instructions do not specify any delimiters or warnings to prevent the agent from following instructions found within the map file.
  - Capability inventory: The skill can invoke other agent capabilities such as /prototype (code generation) and performs file system writes to update the map.
  - Sanitization: Absent. The skill does not describe any validation or filtering of the content loaded from the Markdown file.
Audit Metadata