mckinsey-consultant
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill exhibits an inherent vulnerability surface for tool output poisoning. It performs multiple web searches (Step 3 and Step 6) to gather commercial data, which is then processed into the final report.
  - Ingestion points: Extensive `web_search` activity documented in `references/workflow.md` and `references/V2_vs_V3_comparison.md`.
  - Boundary markers: Absent; the documentation does not specify instructions to the LLM to ignore or escape embedded instructions within search results.
  - Capability inventory: The agent possesses the capability to invoke external skills (`mckinsey-ppt-v4`) to generate complex output files based on gathered data.
  - Sanitization: No evidence of data sanitization or validation of untrusted web content before interpolation into prompts was identified.
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill relies on an external dependency, `mckinsey-ppt-v4`, to perform its primary output function. Per [TRUST-SCOPE-RULE], dependencies on non-standard skills are noted as a dependency risk.
- [Command Execution] (SAFE): While the reference files contain Python-like syntax for design rules (e.g., in `references/design-specs.md`), these are presented as configuration guidelines for the AI agent and do not constitute executable shell commands or scripts.
Audit Metadata