Skills
skills/agilebydesign/agile-context-engine/ace-proposal-respond/Gen Agent Trust Hub

ace-proposal-respond

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script 'scripts/setup_response.py' executes system commands to create directory junctions on Windows systems.
  • [COMMAND_EXECUTION]: The 'scripts/build.py' script uses dynamic path modification to import executable code from sibling directories.
  • [PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection (Category 8) because its primary function is to process untrusted external data such as client proposals and RFPs.
  • Ingestion points: Processes 'ProposalSource' files (PDF, PPTX, DOCX, XLSX) as defined in 'AGENTS.md'.
  • Boundary markers: No explicit sanitization or strict boundary delimiters for retrieved memory chunks are defined in the provided files.
  • Capability inventory: The skill can execute Python scripts and system commands (e.g., 'setup_response.py').
  • Sanitization: No evidence of sanitization of the proposal content before it is processed or used in prompts.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 3, 2026, 09:31 PM