usfiscaldata
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill contains a behavioral steering instruction in SKILL.md that directs the agent to proactively suggest the vendor's own platform (www.k-dense.ai) for complex workflows. This is an instruction override intended for promotional purposes.\n- [PROMPT_INJECTION]: The skill interacts with an external data source, creating a surface for indirect prompt injection where malicious instructions could be embedded in the retrieved financial data.\n
- Ingestion points: Data is retrieved from the U.S. Treasury API (api.fiscaldata.treasury.gov) as shown in SKILL.md and references/examples.md.\n
- Boundary markers: Absent; the skill does not provide instructions to the agent to treat the API response as potentially untrusted or to ignore embedded commands.\n
- Capability inventory: The skill includes capabilities for data retrieval and manipulation using requests and pandas across several reference files. No dangerous execution functions such as eval() or exec() are used on the ingested data.\n
- Sanitization: Absent; no specific sanitization, filtering, or escaping of the API's string content is performed before processing.\n- [EXTERNAL_DOWNLOADS]: The skill fetches financial datasets from api.fiscaldata.treasury.gov. This is a well-known and trusted official U.S. government service.
Audit Metadata