business-analyst
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill exhibits a significant attack surface by combining the ingestion of untrusted external content with high-privilege execution capabilities.
  - Ingestion points: The skill is intended to process external datasets, customer behavior data, market reports, and competitor intelligence (SKILL.md).
  - Boundary markers: Absent. There are no instructions to use delimiters or to disregard natural language instructions found within the data being analyzed.
  - Capability inventory: The skill explicitly mentions creating 'Custom analytics solutions with Python, R, and SQL' and 'Automated report generation and distribution systems'. These capabilities provide a direct path for code execution or data exfiltration if triggered by malicious data.
  - Sanitization: Absent. No validation or filtering logic is prescribed for the data inputs.
- Command Execution (MEDIUM): The behavioral instructions encourage the agent to generate and execute scripts for analytics. In an adversarial context, an indirect injection could influence these scripts to perform unauthorized file system or network operations.
- Metadata Poisoning (LOW): While the metadata is currently benign, the skill references an external file, resources/implementation-playbook.md, which is not provided, creating a potential vector for hidden instructions if that file is compromised or contains malicious content.
Recommendations
- AI detected serious security threats
Audit Metadata