comp-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- Data Privacy and Sensitivity: The skill is designed to process highly sensitive information, including employee compensation and HRIS data. It explicitly instructs users to keep data confidential, noting that results should stay within the conversation context.
- Indirect Prompt Injection Surface: The skill processes external data provided by the user, which presents a potential surface for indirect prompt injection.
  * Ingestion points: External data enters the context via CSV uploads or pasted compensation bands as defined in SKILL.md.
  * Boundary markers: There are no explicit delimiters or 'ignore embedded instructions' warnings specified for the data processing steps.
  * Capability inventory: The skill does not contain any executable scripts, subprocess calls, or network operations, limiting the potential impact of injected instructions.
  * Sanitization: No specific sanitization or validation logic is defined for the input data.
- Platform Connectors: The skill references '~~compensation data' and '~~HRIS' connectors. These are placeholders for integrated platform tools used for verified benchmarking and do not involve downloading or executing external code within the skill itself.