startup-business-analyst-business-case
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it instructs the agent to ingest and process untrusted external materials such as pitch decks and market data. * Ingestion points: Step 1 'Available Materials' section. * Boundary markers: None present to delimit user-provided content from system instructions. * Capability inventory: Access to Bash, Write, Edit, and WebFetch tools. * Sanitization: No sanitization or validation logic is defined for the external content.
- [COMMAND_EXECUTION]: The skill requests permission to use the Bash tool in its metadata. While no specific malicious commands are defined in the instructions, providing shell access for a task involving untrusted document processing increases the risk of exploitation if an indirect prompt injection occurs.
Audit Metadata