convening-experts
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill features an indirect prompt injection surface where external, potentially untrusted data is interpolated into the agent's reasoning prompts.
- Ingestion points: The prompt templates defined in 'references/craft-panel-templates.md' consume data from local project artifacts using placeholders such as {goal}, {charter_path}, {backlog_path}, {plan_path}, {research_report_path}, and {strategic_assessment_path}.
- Boundary markers: The prompt templates lack explicit structural delimiters (such as XML tags or unique string wrappers) to isolate the interpolated user data from the core system instructions, which increases the risk of the agent obeying embedded instructions within the artifacts.
- Capability inventory: The skill is designed to write persistent assessment files to the '.docs/canonical/assessments/' directory based on the output of the panel discussions.
- Sanitization: The skill provides detailed documentation in the 'Template Security' section of 'references/craft-panel-templates.md' regarding the expected validation and sanitization of paths and fields (e.g., regex matching for endeavor names and path traversal checks), though the enforcement of these rules relies on the external orchestrator rather than the skill's own logic.
Audit Metadata