mckinsey-consultant
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly susceptible to Indirect Prompt Injection because it ingests untrusted data from the web to formulate analysis and generate PPT slides. 1. Ingestion points:
web_searchresults are used in STEP 3 and STEP 6 (references/workflow.md) to populate hypotheses and slide content. 2. Boundary markers: There are no explicit delimiters or 'ignore embedded instructions' warnings present in the reference files. 3. Capability inventory: The agent utilizesweb_search(network read) and calling themckinsey-ppt-v4skill (file generation). 4. Sanitization: No evidence of validation or sanitization of search results is provided. - COMMAND_EXECUTION (MEDIUM): The files
references/design-specs.mdandreferences/troubleshooting.mdcontain Python-based logic and solutions for design enforcement (e.g., text density checks and color contrast fixes). This structure suggests that the agent may perform runtime interpretation or execution of these code snippets to manipulate the presentation output.
Recommendations
- AI detected serious security threats
Audit Metadata