earnings-preview-single
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE [EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the Chart.js library and the chartjs-plugin-annotation from the jsDelivr CDN (cdn.jsdelivr.net) to render interactive charts in the generated financial report. jsDelivr is a well-known and trusted content delivery network.
- [COMMAND_EXECUTION]: Utilizes system utilities including mkdir for directory setup, cat for data verification, and open for report display. These operations are restricted to the skill's defined workflow and temporary workspace in /tmp.
- [PROMPT_INJECTION]: Processes content from external news articles and transcripts via Kensho search, which presents a surface for indirect prompt injection. The skill provides mitigation by enforcing a rigid output template, mandatory data-traceability in the appendix, and explicit instructions for the agent to use only its own verified file data as the source of truth.