fsi-strip-profile
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Command Line Execution for File Conversion: The skill instructions involve executing system commands such as `soffice` and `pdftoppm` to convert PowerPoint files into images for visual review.
  - Evidence: The Workflow section in `SKILL.md` specifies the use of `soffice --headless --convert-to pdf` and `pdftoppm -jpeg` within a bash block.
  - Context: This behavior is directly associated with the skill's primary purpose of ensuring document quality and visual alignment before presenting to the user.
- Indirect Prompt Injection Surface: The skill is designed to research and process data from external sources such as SEC filings, investor presentations, and news releases.
  - Ingestion points: `SKILL.md` (Research & Planning section) specifies data entry from BamSEC, SEC EDGAR, corporate websites, and news press releases.
  - Boundary markers: No specific delimiters or "ignore instructions" warnings are defined for the external data ingestion.
  - Capability inventory: The skill utilizes `PptxGenJS` and Python for file generation, and shell commands for image conversion.
  - Sanitization: There are no explicit instructions for sanitizing or filtering instructions that might be embedded in the external financial documents.
  - Context: While this represents an attack surface where malicious content in a processed document could attempt to influence the agent, it is a standard risk for agents performing research tasks and is managed by the underlying model's safety guardrails.
Audit Metadata