financial-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill mentions using `bash` with tools like `pdftotext` to extract content from user-provided PDF files. This execution environment could be a risk if the input or utility parameters are not handled with care.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing external data from PDF documents, as malicious instructions could be embedded in the text to manipulate agent behavior.
  - Ingestion points: PDF documents provided by users (SKILL.md Step 2).
  - Boundary markers: Absent; no delimiters or "ignore instructions" warnings are specified for the extracted content.
  - Capability inventory: Subprocess execution via `bash` for `pdftotext` (SKILL.md Step 2) and file-writing capabilities for multiple formats like markdown and HTML (SKILL.md Step 7).
  - Sanitization: Absent; no validation or filtering of the extracted text content is mentioned before the AI processes it.
Audit Metadata