strategic-plays

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill processes untrusted external content (Wardley Maps) and possesses file-modification capabilities.
    • Ingestion points: The skill reads and analyzes files using the Read and Grep tools.
    • Boundary markers: Absent. There are no instructions or delimiters defined to prevent the agent from following instructions embedded within the data files it analyzes.
    • Capability inventory: The skill is granted Write and Edit tool permissions, allowing for modification of the local filesystem.
    • Sanitization: Absent. There is no logic to sanitize or validate the content of the maps before processing.
  • Command Execution (MEDIUM): The skill requests broad filesystem access tools (Write, Edit) that exceed the requirements for a purely analytical strategic identification task, increasing the potential impact of an injection attack.
  • Data Exposure & Exfiltration (LOW): The skill instructions mandate external lookups via the 'perplexity' MCP server. This constitutes a network operation to a non-whitelisted domain, though it is used for information retrieval rather than exfiltration in this context.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 10:57 AM