financial-knowledge-manager
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill possesses a surface for Indirect Prompt Injection (Category 8) because it ingests untrusted user content and persists it into shared reference files.
- Ingestion points: User-provided financial data and descriptions passed as arguments to the skill.
- Boundary markers: Absent. While the skill mandates following existing markdown formatting (tables, headers), it does not require delimiters or 'ignore' instructions to isolate user-provided text from the agent's logic.
- Capability inventory: The skill is designed to read from and write to markdown files within the
skills/directory structure. - Sanitization: Absent. There are no instructions for the agent to validate, escape, or filter the content before writing it to the destination reference files.
Audit Metadata