my-finance-advisor
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill defines a logical framework for financial decision-making based on user input.
- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external data, such as financial reports and transaction logs provided by the user (found in 'Mode B' conditions). While it lacks explicit boundary markers or sanitization logic to separate data from instructions, the agent's capabilities are limited to text-based reporting and logic branching, presenting a negligible risk of exploitable indirect prompt injection.
- [COMMAND_EXECUTION]: The skill does not contain any instructions to execute shell commands, scripts, or system-level operations. It relies on the model's internal reasoning to perform financial calculations.
- [DATA_EXFILTRATION]: No network operations, API calls, or hardcoded credentials were found. The skill operates on the context provided within the session and references local persona files ('agent/advisors/finance_advisor.md') which is standard behavior for skill extensions.
Audit Metadata