c-suite-onboarding
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by capturing untrusted user input and writing it directly to a persistent file (`company-profile.md`) that other skills are designed to consume. An attacker could provide malicious instructions in the survey answers to influence the behavior of downstream agents.
  - Ingestion points: User answers collected via the `AskUserQuestion` tool for all 8 survey questions (e.g., product descriptions, vision, and objectives).
  - Boundary markers: While the data is placed into markdown sections and tables, there are no explicit boundary markers or instructions for future agent consumers to treat the content as untrusted data rather than instructions.
  - Capability inventory: The skill possesses the capability to write and modify files (`company-profile.md`) in the project root.
  - Sanitization: No sanitization, escaping, or structural validation is performed on the user's responses before they are written to the filesystem.
Audit Metadata