platform-strategy
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill contains standard instructional guidelines for the AI agent. It includes safety-positive constraints, explicitly instructing the agent not to request secrets or credentials and to require confirmation for production changes.
- [Data Exposure & Exfiltration] (SAFE): No sensitive file paths, hardcoded secrets, or network exfiltration commands (e.g., curl, wget) were found. The skill operates purely on textual strategy inputs.
- [Remote Code Execution] (SAFE): There are no patterns involving the download or execution of external scripts or packages. All files are markdown or metadata.
- [Obfuscation] (SAFE): No use of Base64, zero-width characters, homoglyphs, or other encoding methods was detected throughout the nine files.
- [Indirect Prompt Injection] (SAFE): The skill processes user-provided business context. However, it lacks exploitable capabilities (such as code execution, file writing, or network access) that would allow an indirect injection to cause harm. Evidence Chain:
- Ingestion points: User-provided platform context in SKILL.md.
- Boundary markers: Absent, but instructions define specific strategic output formats.
- Capability inventory: None (text generation only).
- Sanitization: Not applicable as no execution occurs.
Audit Metadata