guard-review-qbr

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed to facilitate document preparation and data summarization. All operations and instructions are consistent with its stated purpose, and no malicious behaviors or safety guideline bypasses were found.
  • [INDIRECT_PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection because it is designed to ingest and process external, untrusted data.
      • Ingestion points: The skill accepts conversational briefs, CRM pastes, messy notes, and uploaded PDFs (SKILL.md Step 1, references/input-rules.md).
      • Boundary markers: No explicit delimiters (e.g., XML tags or "ignore instructions" wrappers) are defined to isolate untrusted user data from the core prompt logic.
      • Capability inventory: The skill can generate text-based QBR briefs, talking points, and email recaps, and refers to a pattern for PPTX slide generation.
      • Sanitization: No validation or sanitization mechanisms are described for external content before it is processed by the model.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 3, 2026, 04:41 PM