fee-disclosure
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface by instructing the agent to ingest and analyze external, untrusted financial disclosures (such as Form ADV, prospectuses, and ERISA documents).
- Ingestion points: External financial documents and user-provided queries specified in the 'When to Use' and 'Core Concepts' sections of SKILL.md.
- Boundary markers: The instructions lack any requirement for delimiters or 'ignore' directives for content within the analyzed documents.
- Capability inventory: The skill explicitly requests the use of powerful tools:
Bash,Read,Write, andEdit. - Sanitization: No input validation or sanitization steps are defined for the data extracted from these disclosures.
- [NO_CODE]: The skill is composed entirely of informational markdown and does not include any executable scripts, source code, or binaries.
Audit Metadata