sys-defining-goals
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: The skill reads untrusted data from multiple files in the strategy/canvas/ directory and takes natural language input from users.
  - Boundary markers: There are no defined delimiters or instructions to ignore embedded commands within the ingested canvas files.
  - Capability inventory: The skill uses the Write tool to create new directories and markdown files, which can be exploited if malicious instructions are present in the source data.
  - Sanitization: No input validation or escaping is performed on the extracted strategic intent or canvas data before it is written to the file system.
Recommendations
- AI detected serious security threats