Skills
skills/wind-information-co-ltd/wind-skills/buffett/Gen Agent Trust Hub

buffett

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of analyzing external, untrusted documents. An attacker could embed malicious instructions in a financial report that the agent is then instructed to read and process.
  • Ingestion points: The skill is designed to ingest and analyze external financial reports, shareholder letters, and stock data provided by the user (SKILL.md).
  • Boundary markers: Absent. There are no instructions to use delimiters or ignore embedded commands within the analyzed external content.
  • Capability inventory: The skill explicitly directs the agent to use the Read tool for accessing local files (SKILL.md), which represents a capability that could be redirected by a successful injection.
  • Sanitization: Absent. The skill lacks any mechanism to validate, filter, or escape instructions that may be present in the data being analyzed.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 10:10 AM