business-plan

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill consists entirely of instructional markdown and reference files providing business frameworks. It contains no executable scripts (Python/Node.js) or shell commands within its runtime logic.
  • [SAFE]: No remote code execution patterns, external downloads from untrusted sources, or obfuscated content were detected across the 16 files.
  • [PROMPT_INJECTION]: The skill includes instructions to follow a specific process (Detection -> Gathering Context -> Analysis -> Quality Check) which is standard for specialized agent skills and does not attempt to bypass system safety guidelines or override agent behavior maliciously.
  • [DATA_EXPOSURE]: While the skill's manifest declares filesystem and network permissions, there is no evidence of hardcoded credentials or malicious exfiltration logic. The capabilities are used legitimately to process business context provided by the user and generate analysis outputs.
  • [INDIRECT_PROMPT_INJECTION]: The skill presents a surface for processing untrusted data as it is designed to analyze user-provided business plans and financial documents.
    • Ingestion points: SKILL.md (Gather Context), references/financial-analysis.md (Step 1: Data Collection).
    • Boundary markers: Absent; the skill relies on the LLM's general context management for external data.
    • Capability inventory: filesystemRead, filesystemWrite, network (defined in skill.json).
    • Sanitization: The skill implements mitigation through thorough quality checklists (e.g., in references/business-plan-workflow.md) that require the agent to verify claims against data and logic before finalizing output.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 07:11 AM