pmf
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses established search tools (Exa MCP and WebSearch) to retrieve market research data, analogs, and antilogs during Stage 2. These operations are core to the skill's stated purpose and use well-known services.
- [COMMAND_EXECUTION]: The skill performs standard file system operations including listing directories, creating project folders, and reading/writing markdown files to maintain state across its 10-stage pipeline. These actions are limited to the user-configured projects path.
- [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect injection as it processes external web search results and user-provided interview notes. However, it incorporates a 'Isolation Rule' in Stage 7, instructing the agent to process data one file at a time to prevent context contamination and maintain analysis integrity.
- [SAFE]: The skill's architecture relies on transparent markdown files and explicit user configuration stored in a local config file. No obfuscation, hardcoded credentials, or persistence mechanisms were detected.
Audit Metadata