strategic-review-interactive
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes user-provided markdown files without protective delimiters. \n
- Ingestion points: Strategic reports are retrieved based on user input in
SKILL.mdand their content is processed ininteractions/init.md,interactions/approve.md, andinteractions/revision.md. \n - Boundary markers: None identified; the agent is not instructed to disregard instructions found within the processed reports. \n
- Capability inventory: Includes the ability to call the
strategic-reviewskill and save/update files on the system. \n - Sanitization: No sanitization or validation of the report content is performed before use. \n- [DATA_EXFILTRATION]: The skill allows the user to specify filenames for retrieval in
SKILL.md(Step 1). Without directory-level restrictions or strict path validation, this creates a vulnerability surface for path traversal, potentially allowing access to sensitive files that match the markdown format requirement.
Audit Metadata