unknown
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill accesses local project files (e.g., CLAUDE.md, README, decision records) to gather context for its analysis. This behavior is transparently documented as a 'Context' phase and is necessary for the skill's stated purpose of strategy analysis.
- [Indirect Prompt Injection] (LOW): As an analysis tool, the skill ingests untrusted data from user-provided strategy documents. While this creates an injection surface, the risk is limited by the skill's strict internal protocol, which forces the agent to use structured question tools and a predefined output template rather than open-ended execution.
- [Command Execution] (SAFE): No patterns of arbitrary command execution, shell access, or system modification were found. The skill relies on structured interaction and file writing for its deliverables.
Audit Metadata