work-partner-onboarding

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it persists unvalidated user input into system instructions.
    • Ingestion points: User descriptions of work tasks and preferences in SKILL.md (Phases 1.1, 3.1, 3.2).
    • Boundary markers: No delimiters or safety instructions are used to separate user data from templates.
    • Capability inventory: Creation of folders, files, and new skills via the skill-creator tool.
    • Sanitization: No evidence of input validation or filtering of user data.
  • [COMMAND_EXECUTION]: The skill uses dynamic execution to create a secondary workflow skill at runtime using a platform tool.
    • Evidence: Phase 3.4 generates a 'My Work Partner' skill based on a template and user input.
  • [COMMAND_EXECUTION]: The skill modifies the file system by creating a directory structure and writing configuration files.
    • Evidence: Phase 3.3 creates the 'My Workspace' directory and the 'work-profile.txt' file.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 05:56 AM