tear-sheet
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- Script Generation and Execution: The skill directs the agent to create and run a Node.js script using the docx library to produce the final output. This dynamic execution is a standard technique for handling complex document layouts and styles that are difficult to express in simple markdown. The logic is provided directly within the skill instructions and uses standard, well-known libraries.
- External Data Processing: The skill gathers data from external financial services, including qualitative content like earnings transcripts. This processing of external data is a potential consideration for indirect instruction processing, though the skill is designed to summarize this data into a structured report format. 1. Ingestion points: Data enters the environment via S&P Global MCP tools and is stored in files such as earnings.txt and company-profile.txt. 2. Boundary markers: The skill does not explicitly define boundary markers for the ingested text, relying on the model's summarization and the structured docx generation logic. 3. Capability inventory: The agent uses Node.js execution and local file-writing capabilities to generate the report. 4. Sanitization: The instructions focus on data retrieval and formatting without specifying explicit sanitization for the ingested text.
- Local File Management: The skill utilizes a dedicated temporary directory (/tmp/tear-sheet/) to store intermediate data. This approach helps maintain data integrity and provides a single source of truth during the calculation and formatting phases.
Audit Metadata