ai-strategist
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The research prompts in
references/agent-prompts.mdestablish a broad data ingestion surface area.\n - Ingestion points: Agents 1 through 4 are instructed to use
WebSearchandWebFetchon external platforms including GitHub, Product Hunt, social media, and developer blogs.\n - Boundary markers: The prompts lack explicit delimiters or instructions to ignore potential commands embedded within retrieved web content, which could influence downstream assessment and synthesis phases.\n
- Capability inventory: The results of these searches influence tool scoring (
references/scoring-matrix.md) and deliverable generation (references/deliverable-template.md).\n - Sanitization: No sanitization logic is defined in these reference files to handle untrusted web data.\n- [Command Execution] (LOW): The error handling protocol in
references/error-handling.mddocuments a cleanup mechanism usingrm -rf {session_path}. While appropriate for temporary session management, this pattern requires strict internal validation of the session path to prevent accidental deletion of parent directories if improperly implemented by the orchestrator.\n- [Metadata Poisoning] (SAFE): All metadata and template fields inreferences/handoff-schema.mdandreferences/deliverable-template.mdare descriptive and consistent with the stated purpose of the skill.
Audit Metadata