payroll-tax-analysis
Warn
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
NO_CODE
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill is designed to process untrusted external data, including contractor contract details and entity relationship information, to determine tax compliance.
- Ingestion points: Wage data, contractor contracts, and entity grouping assessments entered into the agent context.
- Boundary markers: Not present in the skill definition or instructions.
- Capability inventory: Performs multi-state tax calculations and references an external logic engine at lib/analysis/payroll-tax-engine.ts.
- Sanitization: No input validation, escaping, or sanitization mechanisms are described for the data being analyzed.
- [Missing Logic] (MEDIUM): The core execution logic is contained in an external file (lib/analysis/payroll-tax-engine.ts) which was not provided. In an 'assume-malicious' posture, this hidden logic cannot be verified for safe file access, network calls, or command execution.
Audit Metadata