financial-statement-analyzer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, NO_CODE
Full Analysis
  • Prompt Injection (SAFE): No patterns attempting to bypass safety filters or override core instructions were detected. The skill uses standard instructional language for financial analysis.
  • Data Exposure & Exfiltration (SAFE): No credentials, secrets, or sensitive file paths are present. There are no network calls or data exfiltration vectors.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): This is a no-code skill. It does not install packages or execute scripts. It references an external tool (findata-toolkit-cn) for data, but does not implement any automated execution.
  • Indirect Prompt Injection (LOW): The skill ingests financial statements, which could contain malicious text. However, since the skill has no 'write' or 'execute' capabilities, the risk is limited to content manipulation within the generated report. Boundary markers like structured tables are used in the output template to maintain context.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:21 PM