data-analyst
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- NO_CODE (SAFE): The skill consists entirely of markdown instructions and YAML metadata. There are no associated scripts or executables, which eliminates the risk of remote code execution, unauthorized command execution, or automated data exfiltration.- INDIRECT_PROMPT_INJECTION (INFO): The workflow directs the agent to ingest content from external context files such as 'USER.md' and 'MEMORY.md'. While these files could contain adversarial instructions, the skill lacks the 'write' or 'execute' capabilities required to perform harmful actions beyond influencing the generated text analysis.- DATA_EXPOSURE (INFO): The skill references business data sources (Etsy Seller API, Pinterest API, etc.) as conceptual mapping points for analysis. No hardcoded credentials, secrets, or actual data retrieval logic are present in the provided file.
Audit Metadata