faion-ba-modeling
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes a restricted version of the Bash tool limited to 'ls:*'. This significantly limits the attack surface as it only allows for directory listing and prevents arbitrary command execution.
- [DATA_EXFILTRATION] (SAFE): No network-capable tools are listed in the allowed-tools configuration. There are no hardcoded credentials, sensitive file paths, or external network requests found within the skill's instructions or templates.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to ingest and process user-provided documentation to generate BA artifacts. While this presents a surface for indirect prompt injection (Category 8), the risk is minimized by the lack of high-privilege execution tools.
- Ingestion points: Processes user business descriptions via the 'Read' tool.
- Boundary markers: Templates use structured Markdown but lack explicit 'ignore embedded instructions' markers.
- Capability inventory: Limited to file operations (Read, Write, Edit) and basic listing (Bash ls).
- Sanitization: No specific sanitization logic is implemented for processing external text inputs.
Audit Metadata