product-strategist
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to override agent behavior or safety filters were detected.
- Data Exposure & Exfiltration (SAFE): No access to sensitive files or unauthorized network communication patterns identified.
- Remote Code Execution (SAFE): The skill mentions running a local Python script (okr_cascade_generator.py), but the usage is restricted to strategic goal generation and does not involve downloading or executing remote code from untrusted sources.
- Indirect Prompt Injection (LOW): The skill possesses an attack surface as it is designed to perform market and competitive analysis, which likely involves ingesting external, untrusted content. Evidence: 1. Ingestion points: Market/Competitive analysis. 2. Boundary markers: None specified. 3. Capability inventory: Generates internal OKR cascades. 4. Sanitization: None specified.
Audit Metadata