business-growth-planner
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface.
  - Ingestion points: The skill reads and parses external JSON data from a path provided via the 'input' argument in `src/index.ts`.
  - Boundary markers: While the code uses structured JSON parsing which provides structural validation, it does not include delimiters or warnings to ignore embedded instructions within the string values.
  - Capability inventory: The skill utilizes `fs.readFileSync` for input and a secure wrapper `safeWriteFile` for outputting results to the file system.
  - Sanitization: Input strings (such as business objectives or vision) are incorporated into the final business plan result without being escaped or sanitized for potentially malicious instructions.
Audit Metadata