business-growth-skills
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The documentation for the contract and proposal writer skill suggests using
pandocvia system package managers (brew,apt) for converting Markdown documents to DOCX format. This is a standard instructional step for the tool's intended use and does not involve automated or hidden command execution. - [DATA_EXPOSURE]: All Python scripts included in the skill (e.g.,
health_score_calculator.py,pipeline_analyzer.py) are designed to read local JSON files provided as input by the user. There are no network operations, hardcoded credentials, or attempts to access sensitive system paths. - [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it ingests untrusted business data from JSON files. However, the processing is performed by deterministic Python scripts rather than direct LLM interpolation, and the output is used for metrics and reporting. Standard LLM safety guidelines apply when the agent reads the resulting analysis.
Audit Metadata