mlb-faab-sizer
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its ingestion of external and multi-skill data. 1. Ingestion points: Historical bid data is read from the local 'faab-log.md' file, and signals are consumed from upstream analyzers. 2. Boundary markers: The skill lacks explicit delimiters or instructions to ignore instructions that may be embedded within the external log data. 3. Capability inventory: The skill generates and writes signal files using the 'mlb-signal-emitter' tool and produces natural language rationales. 4. Sanitization: No evidence of validation or sanitization is provided for the content of the 'faab-log.md' file before it is used in calculations or rationale generation.
- [DATA_EXFILTRATION]: The skill hardcodes an absolute file path ('/Users/kushaldsouza/Documents/Projects/yahoo-mlb/tracker/faab-log.md') in methodology.md. This exposure of local system details, specifically a local username and project directory structure, represents a privacy concern and indicates that the skill is configured for a specific local environment rather than being portable.
Audit Metadata