fin-guru-compliance-review
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill utilizes `uv run python src/analysis/itc_risk_cli.py` to perform financial risk analysis. These commands are localized to the skill's source directory and do not involve executing untrusted remote scripts or arbitrary user input in a dangerous manner.
- PROMPT_INJECTION (SAFE): No instructions attempting to bypass safety filters, override core agent behavior, or extract system prompts were detected. The instructions are focused solely on the financial compliance domain.
- DATA_EXFILTRATION (SAFE): The skill does not reference sensitive system files (e.g., SSH keys, AWS credentials) or include unauthorized network requests. No hardcoded API keys or tokens are present.
- REMOTE_CODE_EXECUTION (SAFE): There are no patterns involving the download and execution of remote code (e.g., `curl | bash`). All execution is directed at local project files.
- INDIRECT_PROMPT_INJECTION (LOW): While the skill processes external ticker data as CLI arguments, it lacks the typical attack surface (like processing untrusted HTML or third-party API payloads without sanitization) that would lead to indirect injection. The logic is constrained to financial metric validation.
Audit Metadata