board-ready-kpi-narratives
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [PROMPT_INJECTION]: No attempts to override system instructions or bypass safety filters were detected. The skill uses natural instructional language to guide the narrative generation process.
- [DATA_EXFILTRATION]: No network operations (curl, wget, fetch) or sensitive file path accesses were identified. The skill operates solely on provided inputs within the session context.
- [CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or secrets were found in the metadata or methodology sections.
- [REMOTE_CODE_EXECUTION]: The skill does not include any commands for package installation or remote script execution.
- [INDIRECT_PROMPT_INJECTION]: While the skill ingests external data (KPI datasets, prior narratives), it lacks the capabilities to execute instructions found in that data.
- Ingestion points: Raw KPI data, Strategic priorities, OKR framework, Audience context, Materiality thresholds, and Prior narratives (all provided in SKILL.md).
- Boundary markers: The methodology uses structured sections and markdown headers, though no explicit 'ignore instructions' delimiters are present for input variables.
- Capability inventory: None. The skill does not invoke subprocesses, network calls, or file-system modifications.
- Sanitization: None. However, the requirement for DuPont decomposition and materiality filtering forces the model to perform logical and mathematical validation, which mitigates simple text-based instruction overrides.
- [NO_CODE]: This skill consists of markdown instructions and templates only; it does not ship with or execute any scripts.
Audit Metadata