Skills
NYC
skills/duc01226/easyplatform/business-analyst/Gen Agent Trust Hub

business-analyst

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill processes untrusted external content during the refinement of business ideas and user stories.
  • Ingestion points: The /refine and /story workflows read content from idea-file and pbi-file respectively (SKILL.md).
  • Boundary markers: Absent. No delimiters or instructions are provided to the agent to treat this content as untrusted data.
  • Capability inventory: The skill is permitted to use Write, Edit, and TodoWrite tools to modify the project environment.
  • Sanitization: Absent. There is no logic to filter or validate requirements before they are processed by the agent.
  • [Dynamic Execution] (MEDIUM): File path construction for discovery operations relies on untrusted metadata.
  • Evidence: The Dynamic Module Discovery section uses {frontmatter.domain_path} to construct paths for Glob and Read operations. An attacker could provide a malicious domain_path in an idea file to perform directory traversal or scan unauthorized parts of the file system.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 07:06 AM