Company Factory
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Potential for indirect prompt injection during the generation of agent configurations.
  - Ingestion points: The skill takes natural language requirements from the user via the task description and Requirement Analyst role to generate SKILL.md and POSTS.md files.
  - Boundary markers: There are no explicit boundary markers or isolation protocols used to prevent user-supplied text from manipulating the structure or instructions of the generated configuration files.
  - Capability inventory: The manager post has significant capabilities, including writing to the workspace directory and spawning new workers, which are governed by the files generated from user input.
  - Sanitization: No validation or filtering is applied to the user's business logic, allowing for the possibility that a user could describe a company structure that grants excessive permissions (e.g., the 'exec' tool) to generated roles.