signals-synthesis
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process untrusted data from multiple external sources, which creates a surface for indirect prompt injection attacks.
- Ingestion points: The skill reads signal data (Slack, HubSpot, transcripts, etc.) from the
pm-workspace-docs/signals/directory and a hypothesis index frompm-workspace-docs/hypotheses/_index.json. - Boundary markers: No delimiters or instructions are provided to the agent to distinguish between its own operational guidelines and instructions that may be embedded within the source signals.
- Capability inventory: The skill outputs actionable agent commands such as
/hypothesis new,/hypothesis validate, and/hypothesis commit. Malicious content within the ingested signals could potentially influence or control these output commands. - Sanitization: The workflow does not specify any sanitization, filtering, or validation steps for the content of the ingested signals before they are processed for synthesis.
Audit Metadata