analyst-common
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (SAFE): The skill contains no instructions designed to bypass agent safety or override system constraints. The 'CRITICAL' and 'MANDATORY' labels are used appropriately to enforce data verification logic.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or data exfiltration patterns were detected. The skill explicitly limits data sources to a predefined allowlist of reputable financial institutions.
- Indirect Prompt Injection (LOW):
  - Ingestion points: External data is ingested through the `mcp_websearch_web_search_exa` and `WebFetch` tools as specified in `SKILL.md`.
  - Boundary markers: Absent. There are no specific instructions to treat web content as untrusted data or use delimiters.
  - Capability inventory: The skill uses web search and fetching tools but lacks file-writing or code-execution capabilities.
  - Sanitization: No specific sanitization or filtering of search result content is mentioned.
- Remote Code Execution (SAFE): No patterns for remote script execution, unauthorized package installation, or dynamic code evaluation were identified.
Audit Metadata