dividend-tracking
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill demonstrates an indirect prompt injection surface by processing external data from a CSV file.
- Ingestion points:
notebooks/updates/dividend.csvis read and processed to calculate dividend totals. - Boundary markers: Absent. There are no delimiters or instructions to prevent the agent from following instructions if they were embedded within the CSV fields.
- Capability inventory: The agent has the ability to write to Google Sheets (
mcp__gdrive__sheets) and perform browser automation (mcp__claude-in-chrome). - Sanitization: Absent. The skill performs calculations and aggregations directly on the data parsed from the CSV without validation steps.
- [DATA_EXFILTRATION] (SAFE): While the skill transmits financial data to an external service (Google Sheets), this is the primary and intended function of the skill and does not target untrusted or unauthorized domains.
Audit Metadata