executive-summary

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it is designed to ingest and process untrusted external data (PDF, Markdown, DOCX) and tool outputs to generate executive summaries.
  • Ingestion points: The skill accepts raw reports (10-50 pages) and data from other modules like moai-finance and moai-pm as seen in the 'Workflow' and 'Related Skills' sections.
  • Boundary markers: There are no explicit instructions or delimiters provided to the agent to treat ingested data as untrusted or to ignore any instructions embedded within the source documents.
  • Capability inventory: The skill has the capability to trigger several file generation tools including pdf-writer, docx-generator, pptx-designer, and hwpx-writer through its chainable workflow.
  • Sanitization: The instructions do not define any sanitization, filtering, or validation steps for the content of the reports being summarized.
  • [EXTERNAL_DOWNLOADS]: The skill references a well-known industry analysis service (Mordor Intelligence) for market data citations. This is documented as a standard reference for the skill's intended business use case.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 06:27 AM
Security Audit — agent-trust-hub — executive-summary