fmea-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- Category 8: Indirect Prompt Injection (SAFE): The skill is designed to ingest and analyze Failure Mode and Effects Analysis (FMEA) data provided by users in JSON or text formats. This creates a surface for indirect prompt injection if malicious instructions are embedded in failure mode descriptions.
- Ingestion points: fmea_data.json and user-supplied descriptions of system functions and failures.
- Boundary markers: Not explicitly defined in the documentation or templates.
- Capability inventory: The skill performs risk calculations and report generation based on the provided data.
- Sanitization: No explicit sanitization or validation of the input data is described beyond the use of a JSON schema.
- Unverifiable Code (INFO): The HOW_TO_USE.md file references two Python scripts (scripts/calculate_fmea.py and scripts/generate_report.py) and provides command-line examples for their execution. These scripts were not provided in the skill package for analysis. However, based on the documentation, their functionality appears limited to local data processing and reporting.
Audit Metadata