roi-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE (NO_CODE)
Full Analysis
- [No Code] (SAFE): The skill consists entirely of instructional Markdown and financial calculations. It does not include Python, JavaScript, or shell scripts.
- [Data Exposure & Exfiltration] (SAFE): No sensitive file paths, environment variables, or hardcoded credentials were detected. There are no network-capable commands (e.g., curl, fetch).
- [Prompt Injection] (SAFE): No patterns of instruction override, jailbreak attempts, or system prompt extraction were found.
- [Indirect Prompt Injection] (SAFE): While the skill is designed to process user-provided financial scenarios (untrusted data), it lacks any 'capability' tier (no subprocess calls, file writing, or network access), effectively neutralizing the risk of indirect prompt injection attacks.
  - Ingestion points: User-provided investment data and scenarios (SKILL.md).
  - Boundary markers: Not present.
  - Capability inventory: None. No scripts or tools provided.
  - Sanitization: None required as there are no executable outputs.
Audit Metadata