diagnose
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's primary function involves reading project-specific documentation (e.g., .acumen.md, features.md) and accessing authorized data sources (Analytics, Databases) to generate product insights. These operations are consistent with the skill's stated purpose and use-case.
- [PROMPT_INJECTION]: The skill processes untrusted external data such as user feedback, support tickets, and interview notes. This represents a surface for indirect prompt injection.
  1. Ingestion points: .acumen/sources.md (user feedback, support tickets, interview notes).
  2. Boundary markers: Absent.
  3. Capability inventory: File read, File write (.acumen/reports/), DB read-only access.
  4. Sanitization: Absent.

  The risk is considered low because the instructions are heavily structured toward pattern extraction and quantification.