strategy-architect
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches company synchronization details and JSON-LD graph data from the author's domain at https://wazoo.dev.
- [PROMPT_INJECTION]: Implements instructions to trigger the skill's behavior automatically based on user keyword detection even if the user does not explicitly request the 'strategy architect' persona.
- [PROMPT_INJECTION]: Presents an indirect prompt injection surface through the ingestion of external and local content.
- Ingestion points: Remote JSON-LD graph from https://wazoo.dev and the local company.md file.
- Boundary markers: The skill does not define explicit delimiters or instructions to ignore embedded commands within the fetched or read data.
- Capability inventory: The skill is authorized to define strategic roadmaps, audit internal agendas, and arbitrate priority trade-offs.
- Sanitization: No validation or sanitization process is defined for the external JSON-LD metadata or internal company file content.
Audit Metadata