stakeholder-simulation

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection during the simulation workflow.
  • Ingestion points: The workflow in SKILL.md (Step 1) specifically reads external data via the existing_requirements field.
  • Boundary markers: The instructions lack explicit delimiters or instructions to treat external data as untrusted, which may lead the agent to follow instructions embedded within those external files.
  • Capability inventory: The skill is permitted to use Read, Write, Grep, and Task tools, which provides a significant capability set if an injection occurs.
  • Sanitization: No validation or escaping mechanisms are defined for the {topic} variable or the content of ingested files before they are interpolated into persona prompts in Step 3.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 04:48 AM