annual-report-charity-bureau
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE | PROMPT_INJECTION | NO_CODE
Full Analysis
- [PROMPT_INJECTION]: Potential for indirect prompt injection via document ingestion. Although the skill has no dangerous capabilities, malicious instructions within user-provided documents could influence the generated report's content.
  - Ingestion points: Document gathering in 'Pre-Draft Intake' (SKILL.md).
  - Boundary markers: Absent; no specific instructions provided to the agent to ignore potential commands within the data.
  - Capability inventory: No subprocess calls, exec/eval, file-write, or network operations are defined in the skill (SKILL.md).
  - Sanitization: No evidence of data sanitization or input validation for external documents.
- [NO_CODE]: The skill consists solely of a Markdown file (SKILL.md) containing instructions and templates, with no referenced scripts or binaries.