faion-gtm-strategist
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill defines a surface for Indirect Prompt Injection (Category 8) by providing instructions for the agent to process external data without sufficient guardrails.
  - Ingestion points: The context discovery framework in `SKILL.md` directs the agent to read and analyze project files in `.aidocs/product_docs/`, `.aidocs/backlog/`, `.aidocs/todo/`, and `docs/` directories.
  - Boundary markers: The methodology does not include specific boundary markers or instructions to treat data from these files as untrusted content, which is a standard safety measure for this vector.
  - Capability inventory: The skill is configured with a powerful toolset including `Read`, `Write`, `Edit`, `Task`, `WebSearch`, and `TodoWrite`, providing a significant impact surface if an injection attack is successful.
  - Sanitization: The instructions lack any data sanitization, escaping, or validation requirements for the information being ingested from the user's project environment.
Audit Metadata