Hoshinkanri
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of static markdown templates and instructional content for strategic management (Hoshin Kanri). A thorough review of all files, including SKILL.md and the templates for A3 reports, X-Matrices, and bowling charts, found no malicious patterns, prompt injections, or unauthorized command execution.
- [INDIRECT_PROMPT_INJECTION]: The skill presents a data ingestion surface through its templates (e.g., a3-template.md, catchball-record.md), which are designed to hold user-provided business information. While these fields could theoretically be used for indirect prompt injection if the resulting documents are processed by subsequent agent steps, the skill itself contains no automated tools, subprocess calls, or execution logic that would act upon this data. Therefore, no exploitable capability is present.
- [COMMAND_EXECUTION]: The skill includes instructions for the agent to use 'read' and 'ls' commands. These operations are explicitly scoped to the skill's own directory structure (~/.claude/skills/Hoshinkanri/) for the purpose of accessing its own internal documentation and templates, posing no security risk.