business-investment-advisor
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides tools for analyzing investment opportunities and portfolio diversification. All operations are local and use the Python standard library. No suspicious network activities, unauthorized file access, or privileged command executions were found.\n- [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection as it processes external JSON files without boundary markers. However, the risk is mitigated as the analysis scripts lack dangerous capabilities.\n
- Ingestion points: The investment_screener.py, portfolio_analyzer.py, and due_diligence_checklist.py scripts ingest data from user-supplied JSON files.\n
- Boundary markers: No delimiters or instructions are used to separate untrusted data from the agent's logic.\n
- Capability inventory: The scripts are limited to mathematical computation and console output; no subprocesses, network requests, or file write operations are performed.\n
- Sanitization: Data is parsed via standard JSON libraries, but individual string fields are not sanitized against malicious instructions.
Audit Metadata