risk-management
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious behavior, obfuscation, or unauthorized access patterns were detected.
- [EXTERNAL_DOWNLOADS]: The skill references api.openclaw.ai (vendor resource) and api.bloomberg.com (well-known financial service) to fetch data. These connections are standard for the skill's functionality.
- [PROMPT_INJECTION]: Indirect prompt injection surface analysis: (1) Ingestion points: Data entering the system via 'portfolio.csv', Bloomberg API feeds, and user-provided JSON payloads. (2) Boundary markers: No specific boundary delimiters or safety-specific instructions for data isolation are used. (3) Capability inventory: Limited to quantitative modeling, statistical calculation, and generation of mitigation strategy reports; no execution or administrative capabilities are exposed. (4) Sanitization: The skill includes input validation and schema verification to ensure data integrity.
Audit Metadata