tam-sam-som-calculator
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from user-provided marketing materials and sales decks as described in Step 0 of SKILL.md. This creates a surface for indirect prompt injection where malicious instructions could be embedded in the context.
- Ingestion points: SKILL.md (Gather Context).
- Boundary markers: No explicit markers or delimiters are used to separate user context from instructions.
- Capability inventory: The skill can execute a local helper script (scripts/market-sizing.py) for calculations.
- Sanitization: No sanitization or filtering of the user-provided text is performed.
- [COMMAND_EXECUTION]: The skill includes a deterministic Python script, scripts/market-sizing.py, which is executed to calculate market estimates. The script uses standard libraries (argparse, sys) and performs basic math without network or sensitive file system access.
Audit Metadata