product-leadership-team
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [COMMAND_EXECUTION]: The skill is configured to allow the 'Bash' tool, providing broad command-line access. While used here for orchestration, this capability presents a high-impact surface area if the agent is manipulated by untrusted input.
- [PROMPT_INJECTION]: The sub-agent prompt templates in 'SKILL.md' use authoritative instructions such as 'MANDATORY' and 'NON-NEGOTIABLE' to enforce personas. While functional, this pattern of overriding default behavior is a common element in prompt injection strategies.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. User input from the '@plt' invocation is interpolated directly into the 'Topic' variable for sub-agents without sanitization, delimiters, or 'ignore' instructions. This exposes the agent to poisoning where malicious input could influence sub-agents possessing 'Bash', 'Write', and 'Task' capabilities. (Ingestion: SKILL.md; Boundary markers: Absent; Capabilities: Bash, Write, Task in SKILL.md; Sanitization: Absent).