usd-reserve-loss-gold-revaluation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill fetches financial data from several external domains including fred.stlouisfed.org, data.imf.org, bis.org, and finance.yahoo.com. While these are reputable financial data providers, they are not included in the predefined list of trusted sources.\n- [COMMAND_EXECUTION] (SAFE): Workflows within the skill instruct the agent to run a local script named
scripts/gold_revaluation.py. This is consistent with the skill's stated purpose of performing economic calculations and monitoring activities.\n- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external financial APIs. \n - Ingestion points: Data is retrieved from World Gold Council, IMF, FRED, and Yahoo Finance APIs as described in
references/data-sources.md.\n - Boundary markers: There are no visible delimiters or 'ignore instructions' markers when handling this external data in the provided documentation.\n
- Capability inventory: The skill possesses the capability to execute local scripts and perform network operations using retrieved data.\n
- Sanitization: No validation or sanitization of the external data is documented in the provided workflows or reference materials.
Audit Metadata