dot-vote
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes external markdown files without using boundary markers or sanitization.
- Ingestion points: The skill reads from the 'context/' directory and files such as 'jtbd-capture.md' or 'hmw-opportunities.md'.
- Boundary markers: Absent; there are no instructions to the agent to ignore potentially malicious instructions embedded in the ingested data.
- Capability inventory: The skill uses file read and write operations to manage session data.
- Sanitization: Absent; the ingested content is not validated or escaped before being processed.
Audit Metadata