growth-ceo
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data from the local codebase as its primary source of context.\n
- Ingestion points: The skill explicitly reads the codebase, README, and documentation in
SKILL.md(Phase 1 and Step 1 of the Workflow) to understand the product territory.\n - Boundary markers: There are no instructions in the skill to use delimiters or ignore instructions embedded within the analyzed project files.\n
- Capability inventory: The skill has access to
Read,Write,Edit,Glob, andGreptools, which could be leveraged to modify the filesystem if the model is influenced by malicious instructions in the input data.\n - Sanitization: No content sanitization or validation mechanisms are implemented to filter instructions from the ingested codebase content.
Audit Metadata