pitch
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for narrative construction and fundraising preparation. It does not initiate network connections, execute shell commands, or access sensitive system directories.
- [PROMPT_INJECTION]: The skill utilizes a local file (innov.local.md) to provide context-aware responses, which introduces a surface for indirect prompt injection.
- Ingestion points: The skill reads venture-specific details from innov.local.md located in the working directory.
- Boundary markers: There are no explicit delimiters or protective instructions used when interpolating data from the context file into the agent's prompts.
- Capability inventory: The skill lacks any dangerous tools; it cannot write files, run subprocesses, or access the network.
- Sanitization: No input validation or filtering is applied to the content of the local configuration file.
- Assessment: Because the skill's capabilities are restricted to text output and it has no access to sensitive data or external systems, this surface represents a negligible security risk.
Audit Metadata