jobs-to-be-done
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to analyze external data such as customer interviews and product descriptions, which creates a surface for indirect prompt injection. Malicious instructions embedded in the analyzed data could attempt to influence the agent's behavior during the analysis phase.\n
- Ingestion points: Customer discovery data, product strategy documents, and interview transcripts processed via workspace file tools as described in
SKILL.md.\n - Boundary markers: Absent. The skill does not define specific delimiters to separate untrusted customer data from its own instructional framework.\n
- Capability inventory: Uses the
Read,Glob, andGreptools to access and analyze workspace files.\n - Sanitization: Absent. There is no logic provided to filter or escape instructions found within analyzed text.\n- [SAFE]: A link to an external resource on Amazon.com includes an affiliate tracking parameter (
tag=wondelai00-20). This is a common monetization practice and does not involve data exfiltration or malicious intent.\n- [SAFE]: TheSKILL.mdfile contains generic template text in the 'Instructions' and 'Output' sections referring to API configurations and CLI tools that are unrelated to the Jobs to Be Done framework. This appears to be a documentation oversight by the author and does not include any executable code or functional scripts that pose a security risk.
Audit Metadata