Skills
skills/truenorth-lj/decision-algorithm-skill/decision-algorithm/Gen Agent Trust Hub

decision-algorithm

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface due to its reliance on untrusted external data. * Ingestion points: The skill uses WebSearch and WebFetch tools in SKILL.md to retrieve data for analysis. * Boundary markers: There are no instructions defining delimiters or clear separation between retrieved content and agent instructions. * Capability inventory: The skill has access to Bash (for tool execution) and Write capabilities. * Sanitization: The instructions do not include requirements for sanitizing or validating retrieved data before processing.
  • [COMMAND_EXECUTION]: The skill uses Bash to invoke tools/decision_calculator.py. It directs the agent to interpolate user or web-derived inputs (such as win rates and gain amounts) into shell commands. This creates a potential command injection vector if the agent fails to ensure these inputs are strictly numeric.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to retrieve content from arbitrary external domains using WebSearch and WebFetch during its 'Decision-Oriented Research' phase.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 04:44 PM