excel-lbo-modeler
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources and possesses high-privilege capabilities.
- Ingestion points: The skill processes 'target company financial data' and 'debt term sheet parameters' as specified in SKILL.md.
- Boundary markers: There are no boundary markers or instructions to the agent to ignore embedded commands in the input data.
- Capability inventory: The skill has broad tool permissions including
Bash(cmd:*),Read,Write, andEdit. - Sanitization: No sanitization, escaping, or validation logic is defined for the external inputs before they are used in the modeling process.
- [COMMAND_EXECUTION] (SAFE): While the skill requests unrestricted bash access, no malicious command patterns, persistence mechanisms, or privilege escalation attempts were found in the provided files.
Audit Metadata