sentiment-report
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements standard logic for aggregating data and generating reports. It uses the Agent tool to invoke trusted internal sub-skills for data collection and performs transparent mathematical calculations to derive a composite score. There are no signs of credential exposure, unauthorized network operations, or malicious command execution.
- [PROMPT_INJECTION]: The skill processes untrusted external content (news headlines, Reddit posts, StockTwits messages), creating a surface for indirect prompt injection.
  1. Ingestion points: Output from news-sentiment, reddit-sentiment, and stocktwits-sentiment tools.
  2. Boundary markers: Content is organized within a structured report template but lacks explicit instructions to disregard embedded commands.
  3. Capability inventory: Functionality is restricted to calling sub-skills via the Agent tool; no direct file system or shell access is present.
  4. Sanitization: External strings are interpolated directly into the final report structure without sanitization or filtering.
Audit Metadata