strategy-pivot-designer

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection vulnerability by ingesting external data and including it in outputs that influence subsequent agent behavior.
  • Ingestion points: External data enters the context in scripts/detect_stagnation.py (via --append-eval) and scripts/generate_pivots.py (via --diagnosis and --strategy).
  • Boundary markers: Generated files, including Markdown reports and YAML strategy drafts, lack delimiters or specific instructions to isolate or ignore embedded prompts.
  • Capability inventory: The skill possesses file read and write capabilities, allowing it to propagate potentially malicious data throughout the project's strategy development cycle.
  • Sanitization: While the skill uses safe loaders for parsing, it does not validate or sanitize the textual content of inputs against prompt injection patterns before including them in output files.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 11, 2026, 06:20 PM