skills/octavehq/lfgtm/battlecard-doc/Gen Agent Trust Hub

battlecard-doc

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources and renders it into a persistent HTML document.
      • Ingestion points: Untrusted data enters the agent context through the list_findings (call transcripts), search_resources (uploaded documents), and list_entities (external competitor/product profiles) tools as defined in SKILL.md.
      • Boundary markers: The skill instructions do not specify the use of delimiters or 'ignore' instructions to isolate untrusted external content from the document structure.
      • Capability inventory: The skill has the capability to write persistent HTML files to the .octave-decks/ directory. While it does not execute system commands, the generated files are intended to be opened in a browser.
      • Sanitization: There are no explicit instructions provided to sanitize, escape, or validate the content retrieved from Octave MCP tools before interpolating it into the HTML template, which could allow malicious scripts embedded in the knowledge base to execute in the user's browser context.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 03:09 AM