investment-memo
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a template-based assistant for financial analysis. It contains no executable scripts, external network requests, or obfuscated content.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user data such as company descriptions and due diligence findings (SKILL.md). While this represents a potential injection surface, the risk is mitigated by the skill's limited capabilities, which are restricted to document formatting and generation via the
office-mcpserver tools (create_docx,fill_docx_template). No evidence of malicious intent or safety bypasses was found. - [NO_CODE]: The skill does not bundle any custom scripts or binaries, relying entirely on provided markdown templates and pre-defined MCP tools, which reduces the attack surface for remote code execution or persistence.
Audit Metadata