analyze-japan-debt-service-tax-burden
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill performs network requests to non-whitelisted domains including ticdata.treasury.gov and fred.stlouisfed.org to retrieve financial statistics. Evidence found in scripts/fetch_tic_holdings.py and references/data-sources.md.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection through external data ingestion. 1. Ingestion points: Data is retrieved from US Treasury text files and FRED CSV endpoints. 2. Boundary markers: Absent; external data is incorporated without protective delimiters. 3. Capability inventory: The skill writes to local cache directories and performs data aggregation. 4. Sanitization: Employs regex-based parsing to extract specific fields from raw text data, which provides limited structural validation.
Audit Metadata