people-report
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection: The skill ingests data from external sources such as CSV uploads and HRIS connectors to perform analysis. This creates a potential risk where instructions embedded within the data could influence the agent's behavior, as the skill's instructions do not currently include explicit data sanitization or boundary markers.
- Sensitive Data Access: To generate headcount and diversity reports, the skill accesses highly sensitive information, including employee names, compensation, and demographics. While this is necessary for the skill's functionality, it is a security consideration that warrants ensuring the agent environment is appropriately secured.
Audit Metadata