setup-company
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill facilitates the collection of sensitive business and personal data, including pricing and professional backgrounds, into a single local Markdown file (
company-profile.md). While this centralizes sensitive data, no automated exfiltration logic or external network transmission of this data was detected. - [INDIRECT_PROMPT_INJECTION]: The skill utilizes external web research to pre-fill profile data, which presents an ingestion surface for potential indirect instructions. 1. Ingestion points: User-provided URLs for company websites, documentation, and knowledge bases. 2. Boundary markers: None are specified to isolate fetched content. 3. Capability inventory: The agent is instructed to perform web research/browsing. 4. Sanitization: No automated sanitization is described, although the agent is required to confirm drafted content with the user before saving the file.
Audit Metadata