problem-hypothesis
Warn
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill possesses an attack surface where untrusted data can influence the agent's logic.
  - Ingestion points: Reads multiple external files containing customer data (`define/관찰결과.md`, `define/체험결과.md`, `define/고객경험인터뷰결과.md`).
  - Boundary markers: Absent. The skill does not instruct the agent to ignore instructions embedded within the data files or use delimiters to wrap the content.
  - Capability inventory: The skill can write files (`define/문제가설.md`, etc.) and its output directly influences high-privilege downstream logic like 'Kingpin Problem Definition' and 'Solution Ideation'.
  - Sanitization: Absent. There is no evidence of filtering or validation of the ingested text content.
- Data Access (LOW): The skill requires read/write access to several files in the local `define/` directory. While these are necessary for its stated purpose, this access could be abused if the agent is compromised via indirect injection.