cfo-finance
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [NO_CODE]: The skill package is comprised solely of markdown files and YAML metadata. There are no scripts, executables, or code files provided.
- [PROMPT_INJECTION]: No evidence of direct prompt injection, role-play bypass, or safety guideline overrides was detected in the persona instructions.
- [PROMPT_INJECTION]: Indirect Prompt Injection Risk Surface: 1. Ingestion points: Input includes CSV, JSON, and structured data exports (SKILL.md). 2. Boundary markers: Absent; no specific delimiters or instructions to ignore embedded commands are defined for external data. 3. Capability inventory: The skill coordinates multiple sub-skills but does not contain direct system execution logic. 4. Sanitization: No sanitization of ingested financial data is described in the skill logic.
Audit Metadata