skills/sickn33/antigravity-awesome-skills/startup-business-analyst-financial-projections/Gen Agent Trust Hub
startup-business-analyst-financial-projections
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through several vectors. Ingestion points: The skill ingests user input for financial metrics and reads from 'resources/implementation-playbook.md'. It also relies on output from other skills like 'startup-financial-modeling' and 'team-composition-analysis'. Boundary markers: There are no explicit delimiters or instructions provided to the agent to prevent it from executing commands that might be embedded in the user input or the referenced files. Capability inventory: The skill has access to powerful tools including 'Bash', 'WebFetch', and 'WebSearch'. Sanitization: No evidence of sanitization or validation of the ingested data is present.
- [COMMAND_EXECUTION]: Excessive permissions. The skill requests the 'Bash' tool permission but provides no instructions or scripts requiring it, creating an unnecessary attack surface.
- [EXTERNAL_DOWNLOADS]: Excessive permissions. The skill requests 'WebFetch' and 'WebSearch' tool permissions which are not required for its current modeling functions based on user-provided inputs.
Audit Metadata