Skills
skills/athina-ai/goose-skills/customer-story-builder/Gen Agent Trust Hub

customer-story-builder

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data ingestion process.
  • Ingestion points: The skill ingests untrusted text data such as interview transcripts, Slack quotes, and support tickets in the Intake phase.
  • Boundary markers: The instructions do not define explicit delimiters or 'ignore' instructions for the model to distinguish between the skill's commands and instructions potentially embedded within the raw input text.
  • Capability inventory: The skill instructions explicitly direct the agent to write files to the local file system (specified in Phase 4 of SKILL.md).
  • Sanitization: No sanitization or validation of the ingested input is performed before the content is used in the reasoning process or saved to disk.
  • [NO_CODE]: The skill contains no executable scripts, binaries, or code files, and is described as a 'pure reasoning skill'.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 06:03 PM