analyze-copper-supply-concentration-risk
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes local Python scripts provided in the
scripts/directory to fetch data and generate charts. The commands are transparent and restricted to the skill's stated purpose of supply chain analysis. - [EXTERNAL_DOWNLOADS] (SAFE): The skill requires standard, well-known Python packages for data analysis (pandas, numpy, matplotlib, etc.) installed via pip. These are legitimate dependencies for the provided scripts.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface (Category 8).
- Ingestion points: Data is ingested from the GDELT Project API (news events), MacroMicro (Highcharts data), and Our World in Data. GDELT specifically provides news-related strings which are a potential vector for indirect injection.
- Boundary markers: There are no explicit boundary markers or instructions to the agent to treat external news titles as untrusted data in the workflows.
- Capability inventory: The skill possesses the capability to execute local scripts and perform network operations, providing a potential (though limited) exploit path if the agent were manipulated by external content.
- Sanitization: The skill processes structured numeric data heavily, but news headline strings from GDELT are interpolated into reports without specialized sanitization against prompt injection patterns.
Audit Metadata