chief-of-staff
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or data exfiltration attempts were identified. All references to external skills are within the same vendor ecosystem (borghei).
- [NO_CODE]: The skill consists entirely of natural language instructions and metadata in Markdown format. It does not include or execute any scripts or binary files.
- [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection due to its processing of untrusted data.
- Ingestion points: Founder questions (user-provided) and company context/decision history files are loaded into the agent's context in SKILL.md.
- Boundary markers: Absent. The skill does not define clear delimiters or instructions to ignore potential commands within the data being processed.
- Capability inventory: The skill orchestrates multiple downstream sub-skills (CEO, CTO, Board Meeting, etc.) and uses a decision-logger. It could potentially pass malicious instructions from the input to these tools.
- Sanitization: There is no specified logic for validating or escaping user-provided questions before they are used in routing or synthesis protocols.
Audit Metadata