value
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's behavior is entirely aligned with its stated purpose of value mapping. It utilizes local project files within the .acumen directory to provide context-aware analysis.
- [PROMPT_INJECTION]: The skill maintains an indirect prompt injection surface by ingesting data from local markdown files. (1) Ingestion points: .acumen.md, .acumen/personas.md, .acumen/features.md, .acumen/value-chain.md, and .acumen/sources.md. (2) Boundary markers: Absent; there are no specific delimiters or instructions to ignore commands that might be embedded in the product data. (3) Capability inventory: The skill writes to .acumen/value.md and invokes other tools within the author's product-thinking suite. (4) Sanitization: Absent; the skill does not specify any validation or filtering of the ingested data. This finding is classified as low risk due to the constrained nature of the output and the absence of system-level command execution capabilities.
Audit Metadata