investment-agent
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of external data.
  - Ingestion points: The agent is instructed to read monthly broker export files (CSV, XLSX, and images) and tracking files (watchlist.md, trades.md) from a local 'investments' directory.
  - Boundary markers: Absent. The instructions do not define delimiters or provide specific 'ignore embedded instructions' warnings for the data being parsed from these external files.
  - Capability inventory: The agent has broad capabilities including file system access (read/write), web search, and vision tools (for analyzing screenshots of holdings).
  - Sanitization: No sanitization, validation, or escaping of content retrieved from the external financial reports is specified.
- [DATA_EXFILTRATION]: The skill accesses sensitive financial information, including equity holdings, buy prices, and portfolio valuations stored in the 'investments/' directory. While this is the primary purpose of the skill, the combination of access to sensitive personal files and web search capabilities creates a potential channel for data exposure if the agent is manipulated.