business-analyst
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through its data research and synthesis workflows.
- Ingestion points: Untrusted data enters the agent context via the
WebSearchandWebFetchtools used for market research, as well as through files read from thebmad/coordination directory. - Boundary markers: The instructions and subagent prompt templates do not specify the use of delimiters or 'ignore embedded instructions' directives when processing retrieved web content.
- Capability inventory: The skill is configured with powerful capabilities including
Bash(for executing local utility scripts),Write/Edit(for document generation), and network-enabled search tools. - Sanitization: There is no evidence of content sanitization, filtering, or validation performed on data fetched from external sources before it is analyzed.
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to run local utility scripts provided in the skill package (scripts/discovery-checklist.shandscripts/validate-brief.sh). These scripts provide interactive checklist functionality and document completeness validation via terminal output and file system grepping.
Audit Metadata