board-of-directors

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes run_shell_command in SKILL.md to create project-specific directories (mkdir -p) for storing board session metadata and deliberation logs.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes external, untrusted 'proposals' across a multi-step deliberation chain.
    • Ingestion points: The proposal content enters the agent's context in SKILL.md and is passed to five separate director personas.
    • Boundary markers: The skill lacks formal isolation (e.g., XML tags or specific delimiters) for the proposal content, relying on simple labels like PROPOSAL: ${proposal}.
    • Capability inventory: The skill has the capability to execute shell commands (mkdir) and write files (write_file) based on the outcome of the deliberation.
    • Sanitization: There is no evidence of input sanitization or validation performed on the proposal text before it is interpolated into the expert profiles' prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 03:30 AM