creating-financial-models
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it is designed to ingest and process external financial statements and models provided by users.
- Ingestion points: Historical financial statements, acquisition models, and user-defined scenario parameters.
- Boundary markers: Absent. The instructions do not specify delimiters or warnings for the agent to ignore instructions embedded within the processed financial data.
- Capability inventory: Executes local Python scripts (`dcf_model.py`, `sensitivity_analysis.py`) to perform calculations and generate Excel workbooks.
- Sanitization: Absent. No explicit validation or filtering of external content is mentioned.
- Risk Assessment: Since the output is primarily for agent reasoning and local file generation (Excel), the severity is classified as LOW.
- EXTERNAL_DOWNLOADS (INFO): The skill references external Python scripts and is part of a remote repository.
- Source: The metadata points to the `anthropics` GitHub organization.
- Trust Status: Anthropic is a Trusted GitHub Organization. Per [TRUST-SCOPE-RULE], the finding regarding remote source references is downgraded to INFO.