decision-stack
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing external documents.
- Ingestion points: As described in SKILL.md and platform-specific files, the 'Context dump' mode accepts untrusted documents such as PDFs, slide decks, and transcripts.
- Boundary markers: Absent. The instructions do not define delimiters or provide warnings for the agent to ignore instructions embedded within the ingested documents.
- Capability inventory: In SKILL.md, the agent's primary capability is to generate a structured JSON context bundle; it does not have autonomous file-write or network capabilities within the skill definition itself.
- Sanitization: Absent. There is no mention of sanitizing or escaping content extracted from user-provided documents before it is processed.
- [EXTERNAL_DOWNLOADS]: The skill documentation includes instructions for downloading and running code from external platforms.
- GitHub Repository: The README provides a command to clone the toolset from 'github.com/lunastak/tools.git'.
- NPM Package: Installation guides for MCP clients utilize 'npx decision-stack@latest'.
- Verification: These external resources trace back to the official vendor and are consistent with the skill's stated purpose.
Audit Metadata