cowork-deal-room
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to ingest and analyze untrusted external data (deal room documents).
- Ingestion points: Files are read recursively from a user-provided directory using tools like Glob, Read, and Grep. This includes PDFs, Word documents, spreadsheets, and text files.
- Boundary markers: The instructions do not define any boundary markers (such as XML tags or unique delimiters) to separate document content from agent instructions, nor do they instruct the agent to ignore embedded commands within the files.
- Capability inventory: The skill has access to powerful tools including Bash (shell command execution), Write (file system modification), and WebSearch (network access).
- Sanitization: There is no evidence of sanitization, escaping, or validation performed on the content extracted from external documents before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill's architecture relies on the Bash tool for potential analysis tasks. Given the ingestion of untrusted files, a malicious actor could place a document in the deal room containing text that instructs the agent to execute unauthorized shell commands, potentially leading to system compromise or unauthorized access.
Audit Metadata