make-decision

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the execution of local Python scripts (scripts/search.py) to perform its primary functions. It also provides instructions for installing Python via system package managers (brew, apt, winget) if the environment is not prepared. These commands are necessary for the skill's operation and target well-known, trusted software repositories.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. User input is accepted as command-line arguments for the search scripts, which then retrieve information from a local knowledge base to influence the agent's behavior and planning process.
      • Ingestion points: User-provided decision descriptions, keywords, and project names are passed directly as arguments to scripts/search.py in SKILL.md and PROMPT.md.
      • Boundary markers: Absent. User input is interpolated directly into the command line without delimiters or instructions to ignore embedded commands.
      • Capability inventory: The skill can execute local Python scripts and has the capability to write and update files in the .decisions/ and decision-plans/ directories as seen in advisor.py.
      • Sanitization: The Python scripts (core.py) perform basic tokenization for search purposes but do not include sanitization or validation to prevent the user from providing malicious instructions that could be executed by the agent or influence its decision-making logic.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 09:00 PM