revenue-concentration
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill performs legitimate financial risk assessments. All identified actions, such as searching transactions and calculating revenue shares, are consistent with the skill's stated purpose. There are no signs of credential theft, unauthorized network activity, or persistence mechanisms.
- [PROMPT_INJECTION]: The skill demonstrates a theoretical susceptibility to indirect prompt injection due to its processing of external transaction data.
- Ingestion points: Data is brought into the agent's context through the output of the `transaction_search` tool as described in SKILL.md.
- Boundary markers: The workflow does not specify the use of delimiters or instructions to ignore instructions embedded within the transaction data.
- Capability inventory: No dangerous capabilities, such as arbitrary command execution, file system modification, or outbound network requests, were detected in the skill's logic.
- Sanitization: The instructions do not include specific data validation or sanitization steps for the transaction vendor/payee names or notes.