valuation-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting external data from third-party financial websites.
- Ingestion points: SKILL.md specifies fetching financial facts, analyst forecasts, and intrinsic value estimates from the SEC, stockanalysis.com, and gurufocus.com.
- Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the fetched external data.
- Capability inventory: The skill is limited to data analysis and presentation. It does not possess capabilities for file writing, system command execution, or non-whitelisted network exfiltration.
- Sanitization: No explicit sanitization or filtering of the text-based analyst forecasts or recommendations is described before processing.
Audit Metadata