investor-relations
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a document generation and financial analysis tool. It processes user-provided business data (such as ARR, MAU, and growth rates) to generate reports. The workflow is well-defined and aligns with the stated purpose of Investor Relations assistance.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it ingests untrusted data from the user, including business metrics and existing files, to generate its outputs. However, this is a low-risk surface given the context of a document generation tool.
- Ingestion points: Collects user-provided metrics (MAU, ARR), business materials, and existing files in SKILL.md and financial-modeler.md.
- Boundary markers: No explicit XML delimiters or ignore-instructions warnings are used when processing input data.
- Capability inventory: The skill uses the
sequential-thinkingtool for logic processing and performs local file writing to a specific_workspace/directory. It does not have network access or arbitrary command execution capabilities. - Sanitization: The skill does not mention explicit sanitization or validation of the provided business data.
Audit Metadata