Skills
skills/alphaonedev/openclaw-graph/financial-reporting/Gen Agent Trust Hub

financial-reporting

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted financial data from external sources, creating a surface for indirect prompt injection attacks.
  • Ingestion points: Data is ingested via the /api/v1/aggregate API endpoint and from files (JSON, CSV).
  • Boundary markers: There are no specified delimiters or instructions to the model to ignore potential commands embedded in the financial data.
  • Capability inventory: The skill includes capabilities to write files (PDF, CSV, JSON) and perform network operations via API endpoints.
  • Sanitization: The documentation does not describe any sanitization or validation processes for the ingested data.
  • [COMMAND_EXECUTION]: The skill utilizes a CLI tool and Python libraries to perform its tasks.
  • Evidence: Mentions the openclaw CLI tool for data aggregation and the openclaw_financial Python library for report generation and analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 10:46 PM