leadership-sync
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
DATA_EXFILTRATION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [Data Exposure] (HIGH): The skill is configured to read and synthesize extremely sensitive information, specifically data/cfo/cap_table.json (equity/ownership), data/cfo/latest_forecast.json (financials), and data/engineering/tech_debt.json (security/stability risks). Accessing these files centralizes the organization's most private data into the agent's context.
- [Indirect Prompt Injection] (HIGH): The skill implements a massive ingestion surface by loading 12+ external JSON files across four departments. It lacks boundary markers or sanitization logic. If an attacker can influence any of these source files (e.g., via a compromised CRM or product roadmap), they can inject instructions to bias strategic outputs or manipulate the 'Weekly Leadership Brief' intended for senior executives.
- [Dependency Risk] (MEDIUM): The skill explicitly relies on reading data directories managed by other skills (cmo, cfo, cpo, cto). This creates a complex trust chain where a vulnerability in a department-level skill or its data source automatically compromises the 'Leadership Sync' output.
- [Command Execution] (SAFE): The skill does not contain any shell commands, subprocess calls, or runtime script execution patterns.
Recommendations
- AI detected serious security threats
Audit Metadata