scenario-multiverse-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted business data, creating a surface for indirect prompt injection.
  - Ingestion points: Financial assumptions are loaded from a user-specified JSON file path at runtime in `src/index.ts`.
  - Boundary markers: The skill does not implement delimiters or specific safety instructions to isolate ingested data from the agent's control logic.
  - Capability inventory: The skill possesses the capability to read local files and write projection results to the filesystem using `safeWriteFile`.
  - Sanitization: The input JSON is parsed into objects, but string fields are not sanitized or validated for potentially malicious instructions that could influence the agent's behavior.