business-intelligence
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides command-line patterns for executing Python scripts (e.g., scripts/dashboard_analyzer.py, scripts/kpi_calculator.py) to perform data analysis and report generation. These scripts are not provided in the skill package, preventing a full security audit of their internal logic.
- [PROMPT_INJECTION]: The skill's architecture for report automation and KPI calculation creates a surface for indirect prompt injection.
- Ingestion points: The scripts kpi_calculator.py and data_quality.py ingest external configuration files (metrics.yaml) and datasets (sales_opportunities).
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided documentation or script execution patterns.
- Capability inventory: The skill utilizes command execution of Python scripts and interacts with various data systems such as Snowflake, BigQuery, and Redshift as described in the architecture.
- Sanitization: No sanitization or validation logic is described for the external data ingested and processed by the referenced scripts.
Audit Metadata