funding-digest
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads well-known and reputable Node.js packages (simple-icons, sharp) from the NPM registry to facilitate brand icon processing and image manipulation.
- [COMMAND_EXECUTION]: Shell commands are used for standard operational tasks including package installation via npm, and automated quality assurance checks using soffice, pdftoppm, and markitdown to verify the generated PowerPoint slide.
- [DATA_EXFILTRATION]: Retrieves financial transaction data and deal links exclusively from S&P Global Capital IQ, which is the intended and trusted data provider for this skill.
- [PROMPT_INJECTION]: The skill ingests external financial data (deal descriptions, company summaries) to generate takeaways. While this creates a potential surface for indirect injection, the risk is mitigated by using a high-integrity, structured data source (S&P Global).
Audit Metadata