proposal-generation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The instructions do not contain any direct prompt injection attempts, system prompt extraction patterns, or commands to bypass safety filters.
- [SAFE]: No hardcoded credentials, sensitive file access (like SSH keys or AWS configs), or unauthorized network operations were identified.
- [SAFE]: There are no patterns involving external code downloads, remote script execution (e.g., curl | bash), or unverifiable package installations.
- [PROMPT_INJECTION]: The skill exhibits an inherent surface for indirect prompt injection due to its core function of processing external financial data.
- Ingestion points: Reads and processes prospect data, account statements, tax returns, and CSV holdings exports (referenced in 'Data collection and organization' and 'Current portfolio analysis' in SKILL.md).
- Boundary markers: The instructions do not specify the use of delimiters or warnings to ignore instructions embedded within the ingested data.
- Capability inventory: The skill is permitted to use powerful tools including Bash, Read, Write, and Edit (defined in the SKILL.md YAML frontmatter).
- Sanitization: There is no mention of input validation or sanitization for the ingested external data formats.
Audit Metadata