hypothesis-building
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted data from external files and user input to generate reasoning outputs.
- Ingestion points: The skill reads company profiles, win cases, and product information from
claude-code-gtm/context/{company}_context.mdand accepts direct user input regarding vertical markets. - Boundary markers: The instructions do not define specific delimiters or guardrails to prevent the agent from following instructions potentially embedded within the context files.
- Capability inventory: The skill uses the agent's capabilities to read from and write to the local file system (specifically
claude-code-gtm/context/directory). - Sanitization: There is no evidence of content validation or sanitization for the markdown data retrieved from the context files before it is used for hypothesis generation.
- [NO_CODE]: The skill consists entirely of markdown-based instructions and logic without including or invoking external scripts, executables, or code-based dependencies.
Audit Metadata