analytics
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFENO_CODEEXTERNAL_DOWNLOADS
Full Analysis
- NO_CODE (SAFE): The skill file contains only Markdown documentation and code snippets intended for reference. There are no executable scripts (.js, .py, .sh) or configuration files that could be executed by an agent.
- EXTERNAL_DOWNLOADS (LOW): The documentation mentions an external package
clodds/analytics. This package is not from a trusted source; however, the skill does not include any automated installation commands or apackage.jsonfile that would trigger a download. - PROMPT_INJECTION (LOW): The documentation describes a pattern for processing external data from a database (
tradesDb) and performing file exports. This represents a potential indirect prompt injection surface if the library is used to process untrusted data. - Ingestion points: Data is read from a local database file
./trades.db. - Boundary markers: No delimiters or warnings are provided to prevent the agent from interpreting data within the database as instructions.
- Capability inventory: The API supports writing files to local paths via
exportReportandexportData. - Sanitization: No sanitization or path validation logic is discussed in the provided documentation.
- DATA_EXFILTRATION (SAFE): No hardcoded credentials, sensitive file paths (outside of the database reference), or network exfiltration patterns were detected in the documentation text.
Audit Metadata