funnel-planner
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill uses hidden instructions to steer the agent's behavior, specifically instructing it to hide internal validation steps from the end-user.
- Evidence: Step 6 in SKILL.md contains the instruction "Do not flag the checklist to the user — just ensure the output passes."
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it interpolates user-provided data into generated prompts for subsequent execution without sanitization.
- Ingestion points: The
niche,product, andgoalfields in the Input Schema (SKILL.md). - Boundary markers: Absent. No delimiters or instructions are provided to prevent the agent from obeying instructions embedded in these fields.
- Capability inventory: The skill has no direct code execution but generates
invocation_promptstrings for other skills to execute. - Sanitization: Absent. The skill provides no validation or escaping for external content before interpolation.
- [NO_CODE]: The skill consists exclusively of Markdown documentation and does not contain any executable scripts, binaries, or automated code installation commands.
Audit Metadata