exec-summary
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE (COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several Python scripts ('clv-calculator.py', 'roi-calculator.py', 'revenue-forecaster.py', 'budget-optimizer.py') to perform its core analytical functions.
- [DATA_EXFILTRATION]: The skill is designed to collect and transmit sensitive financial and performance data to external communication channels like Slack and Email as part of its reporting functionality.
- [EXTERNAL_DOWNLOADS]: The skill pulls data from well-known external platforms including Google Ads, Meta Ads, and Salesforce. These connections are standard for marketing analytics and represent interaction with trusted well-known services.
- [PROMPT_INJECTION]: The skill is potentially vulnerable to indirect prompt injection due to its ingestion of untrusted data from external marketing platforms.
  - Ingestion points: Ad campaign data, performance logs, and CRM records from connected services.
  - Boundary markers: No specific delimiters or safety instructions are used when processing external data.
  - Capability inventory: Local script execution and external communication capabilities.
  - Sanitization: No explicit sanitization or filtering of external data is mentioned in the processing steps.
Audit Metadata