power-analysis

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE | PROMPT_INJECTION | NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to ingest and summarize external, untrusted data which may contain instructions designed to subvert the agent's logic.
    • Ingestion points: The skill explicitly instructs the agent to read user-provided documents including 'clarify-*.md', emails, org charts, and meeting notes from the 'docs/' or 'doc-summary/' directories.
    • Boundary markers: No boundary markers, XML tags, or 'ignore embedded instruction' warnings are used when the agent processes these external files.
    • Capability inventory: The agent possesses the capability to read files from the local filesystem and write summarized analysis reports back to 'docs/'.
    • Sanitization: There is no evidence of input validation, filtering, or escaping of the content retrieved from the analyzed documents before it is used in the prompt context.
  • [NO_CODE]: The skill consists entirely of Markdown instructions and reference guidelines. It does not include any Python scripts, Node.js packages, shell commands, or other executable binaries, which significantly limits the risk of direct system compromise or remote code execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 07:55 AM