decision-mapping
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by design. It loads external, potentially untrusted Markdown files called "decision maps" into the agent's context to drive subsequent actions.
- Ingestion points: The
Resumeworkflow specifically instructs the agent to load the "whole map" from a user-provided file path into the session context. - Boundary markers: The skill does not define specific delimiters or "ignore embedded instructions" warnings to help the agent distinguish between its operational logic and potentially adversarial instructions within the ticket descriptions.
- Capability inventory: Depending on the ticket content, the agent is directed to invoke additional capabilities such as
/prototype(which typically involves writing and testing code) and/to-prd(scheduling implementation). - Sanitization: There are no instructions for validating, filtering, or escaping the content of the Markdown tickets before they are interpolated into the prompt.
Audit Metadata