startup-pitch
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements legitimate business logic for startup pitch generation with a strong emphasis on data honesty and founder credibility. No malicious code, obfuscated content, or unauthorized access patterns were detected during the analysis. The skill relies on standard platform tools for web research and file management within the project scope.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to ingest untrusted data from the web and local files to generate its outputs. This is inherent to its primary purpose as a research and synthesis tool.
  - Ingestion points: Untrusted data enters the context through web search results in Phase 2 and through the reading of local project files (e.g., brief.md, market-analysis.md) that may contain unverified external information.
  - Boundary markers: The instructions do not define explicit boundary markers or delimiters when interpolating ingested data into prompts for the agent or sub-agents.
  - Capability inventory: The skill utilizes the Agent tool (to spawn sub-agents), WebSearch, and local filesystem write access to produce pitch deliverables.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the content retrieved from the web or project files before it is processed.
Audit Metadata