agency-client-interview
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed to facilitate a question-and-answer flow for project onboarding. Its operations are limited to reading local markdown files and providing text-based instructions to the agent.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes data from external files in the '.agency/context/' directory.
- Ingestion points: Reads files such as 'brand-voice.md' and 'target-audience.md' from the local project environment.
- Boundary markers: No explicit delimiters or instructions are provided to ignore embedded commands within the ingested context files.
- Capability inventory: Limited to 'Read', 'Grep', and 'Glob' tools as specified in the YAML frontmatter. No capability for network exfiltration or arbitrary command execution is present.
- Sanitization: There is no evidence of validation or sanitization of the content read from the context files.
Audit Metadata