business-analyst
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Full Analysis
- SAFE (SAFE): No malicious patterns found. The skill consists of passive markdown templates and a local validation script.
- INDIRECT PROMPT INJECTION (INFO): Found potential surface for processing untrusted data in 'scripts/validate-brief.sh'. * Ingestion points: Reads local file content passed via command line argument. * Boundary markers: None present. * Capability inventory: Limited to local display and text counting (grep, wc, clear). * Sanitization: File existence check only. Severity is INFO as the script only performs display/reporting functions.
- METADATA DISCREPANCY (INFO): Automated scan reports mention a blacklisted 'requirements.md' file, but this file was not included in the provided skill payload for analysis.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata