suitability-report-generator
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONNO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill directory contains only Markdown documents and a license file. There are no Python scripts, Node.js packages, or shell commands present.
- [PROMPT_INJECTION] (LOW): The skill processes untrusted input data to generate financial reports, creating a surface for indirect prompt injection. Ingestion points: Step 1 in
SKILL.mdidentifies investment recommendations and client profiles as required inputs. Boundary markers: None are defined inSKILL.mdorreferences/output-template.mdto isolate user data from agent instructions. Capability inventory: The skill has no capabilities beyond text generation; no subprocess, network, or file-write operations are available. Sanitization: There are no instructions for sanitizing or escaping the user-provided data before it is included in the final report.
Audit Metadata