research
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Retrieves legislative transcripts and metadata from the vendor's API at parlamento.ai and official publication sources.
- [COMMAND_EXECUTION]: Executes curl commands to query parliamentary data and to communicate with a Google Cloud-hosted PDF generation worker (source-worker-876875904047.us-central1.run.app).
- [DATA_EXFILTRATION]: Transfers user-requested analysis and session content to a remote PDF service for document generation. This operation is restricted to the vendor's service using an environment-provided API key.
- [PROMPT_INJECTION]: The skill processes external data (parliamentary transcripts), which represents a theoretical surface for indirect prompt injection.
- Ingestion points: Fetches session content and official journal documents from parlamento.ai API endpoints as specified in SKILL.md.
- Boundary markers: No specific delimiters or safety instructions are used to separate ingested transcript text from the agent's analysis logic.
- Capability inventory: Utilizes Bash(curl), Read, and Write tools across its workflow.
- Sanitization: Extracted session content is used directly for analysis and report generation without additional filtering layers.
Audit Metadata