G-Pilot Fleet Operations
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The protocol describes a 'Mission Lifecycle' that processes untrusted external data to drive agent actions.
- Ingestion points: User requests received via the Dashboard are processed by an 'Architect Node' (SKILL.md).
- Boundary markers: The documentation does not specify the use of delimiters or warnings to prevent the model from obeying instructions embedded within the user data.
- Capability inventory: The 'Executor Node' has the capability to trigger Google Slides, Sheets, and Web Intel tools via a Google Auth bridge (SKILL.md).
- Sanitization: There is no mention of input sanitization, schema validation, or escaping of the 'Mission SPEC' before tool execution.
- [NO_CODE] (SAFE): No executable scripts, binaries, or configuration files were provided in the skill. The analysis is based solely on the logic described in the documentation.
Audit Metadata