positioning-workshop
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill contains a 'Gather Context' phase that processes untrusted external data such as website copy, customer testimonials, and competitor information. This creates an attack surface for indirect prompt injection. However, the risk is negligible as the skill lacks executable capabilities or network-enabled tools to exploit the injected instructions.
- Ingestion points: SKILL.md (Step 0: Gather Context)
- Boundary markers: Not present; the skill does not define specific delimiters for ingested text.
- Capability inventory: None; the skill is entirely text-based and contains no subprocess calls, file-write operations, or network requests.
- Sanitization: No explicit sanitization or filtering of the provided context is performed.
- [SAFE]: No obfuscation, hardcoded credentials, or persistence mechanisms were detected in the skill instructions. The skill utilizes standard interactive logic to facilitate a product management workshop.
Audit Metadata