roi-analyzer

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE, NO_CODE
Full Analysis
  • [Remote Code Execution] (SAFE): The skill consists entirely of Markdown and JSON metadata. There are no scripts (.py, .js, .sh), binary executables, or package dependency files (requirements.txt, package.json) included.
  • [Data Exposure & Exfiltration] (SAFE): No network-enabled tools (curl, wget) or hardcoded credentials were found. The skill does not attempt to access sensitive system files.
  • [Prompt Injection] (SAFE): The instructions provide a specific persona (executive financial analyst) and operational constraints for financial modeling, but they do not attempt to bypass LLM safety filters or override system-level instructions.
  • [Indirect Prompt Injection] (SAFE): The skill is designed to process user-provided financial figures. However, it lacks any high-privilege capabilities (such as file-system writes or web browsing) that could be leveraged if malicious instructions were embedded in the input data.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 03:51 PM