advice-standards
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill defines a framework for evaluating external data sources, which creates a theoretical surface for indirect prompt injection attacks.
- Ingestion points: The skill is intended to be used when analyzing newsletters, blogs, model portfolios, and AI-generated text (as specified in SKILL.md).
- Boundary markers: The instructions do not define delimiters or specific constraints to prevent the agent from executing instructions potentially hidden within the analyzed external content.
- Capability inventory: The skill is granted access to high-privilege tools: Bash, Read, Write, and Edit.
- Sanitization: There are no documented procedures for sanitizing or validating the untrusted external content before it is processed by the agent.
- [NO_CODE]: The skill consists entirely of markdown-based regulatory documentation and compliance logic. No scripts, binaries, or external code dependencies are included in the skill definition.
Audit Metadata