Businessstrategy
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (MEDIUM): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core functionality of processing external data.
- Ingestion points: According to
SKILL.md, the agent is instructed to 'analyze uploaded financial documents (CSV, Excel screenshots)'. - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat external document content as untrusted data or to ignore embedded instructions.
- Capability inventory: While the skill does not execute code directly, it produces strategic guidance and documents that can be exported via an
MSOfficeskill. Malicious instructions in data could influence these outputs. - Sanitization: There is no evidence of data sanitization or structural validation for the ingested financial information.
- Risk Factor: An attacker could embed instructions within a financial statement to manipulate the 'Red Flags' analysis or to inject malicious content into a generated 'Pitch Deck' or 'Business Plan'.
Audit Metadata