decision-auditor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Category 8: Indirect Prompt Injection] (SAFE): The skill is designed to ingest and analyze user-provided data regarding decisions and plans using the
AskUserQuestiontool. - Ingestion points: User input is requested in
workflows/bias-check.md,workflows/premortem.md, andworkflows/reframe.mdto establish context. - Boundary markers: The workflows do not utilize specific delimiters or instructions to ignore embedded commands within the user data.
- Capability inventory: Analysis of all 11 files confirms an absolute lack of dangerous capabilities. There are no subprocess calls, file system write operations, or network requests present in the skill.
- Sanitization: No explicit input validation or sanitization logic is included.
- Conclusion: While the skill has an ingestion surface, the lack of any exploitable tools or system access ensures that indirect prompt injection poses no threat to the host environment.
- [Category 2: Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or network exfiltration patterns were detected in the reference guides or workflows.
- [Category 4: Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill is composed entirely of Markdown files; no external packages or remote scripts are downloaded or executed.
- [Category 1: Prompt Injection] (SAFE): The instructions focus on cognitive auditing and do not contain patterns typical of prompt injection, such as attempts to bypass safety filters or disregard system instructions.
Audit Metadata