schwab-intelligent-portfolios-advisor
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill instructions define a professional financial advisor persona ('Schwab Intelligent Portfolios Advisor') and provide structured decision frameworks for investment advice without any security risks.
- [NO_CODE]: The skill is composed strictly of Markdown documentation (
SKILL.mdand several reference files). It does not include any scripts (Python, JavaScript, shell), configuration for external tools, or executable binaries. - [PROMPT_INJECTION]: Analysis of the system prompt and examples shows no attempts to bypass safety filters, extract system instructions, or use adversarial role-play (DAN-style) techniques.
- [DATA_EXFILTRATION]: There are no network operations (
curl,wget, etc.) or commands to access sensitive local files (like SSH keys or AWS credentials). The skill operates entirely within the provided context. - [METADATA_POISONING]: The metadata fields in the YAML frontmatter (name, version, author) contain legitimate informational values and do not harbor hidden instructions or deceptive content.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes user financial data (investment amounts, goals), it lacks any dangerous capabilities—such as file writing, shell execution, or network calls—that could be exploited by malicious user input.
Audit Metadata