lean-startup
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE (PROMPT_INJECTION, NO_CODE)
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions for the agent to analyze and score user-provided development plans and metrics, creating a vulnerability surface for indirect prompt injection.
  - Ingestion points: Scoring and Quick Diagnostic sections in SKILL.md.
  - Boundary markers: Absent; no delimiters or ignore-instructions are used to isolate user data.
  - Capability inventory: The skill uses the Read, Glob, and Grep tools in SKILL.md.
  - Sanitization: Absent; the skill does not specify validation or filtering of user content.
- [NO_CODE]: The skill consists entirely of instructional Markdown files. It does not include executable scripts, binaries, or configuration files for automated system operations.