mkt-initiative-planner
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user-provided initiative proposals in its Validate and Plan modes, creating an indirect prompt injection surface. (1) Ingestion points: User input in SKILL.md and references/validation-mode.md. (2) Boundary markers: No explicit delimiters or instructions to disregard embedded commands are present in the prompts. (3) Capability inventory: No subprocess calls, code execution (eval/exec), or network operations are defined in the provided files. (4) Sanitization: No evidence of input escaping or validation.
- [NO_CODE]: The skill consists entirely of markdown documentation and instructional prompts and does not include any executable scripts or binary files, which significantly reduces the technical attack surface.
Audit Metadata