earnings-analysis
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a potential vulnerability surface for indirect prompt injection due to its core function of retrieving and processing data from external, untrusted web sources.
- Ingestion points: The skill instructions in `workflow.md` direct the agent to perform web searches for the latest earnings releases, SEC 10-Q/K filings on EDGAR, and earnings call transcripts on third-party sites like Seeking Alpha.
- Boundary markers: The instructions do not specify any clear boundary markers or protective prompts to prevent the agent from being influenced by malicious instructions embedded in the external financial documents it analyzes.
- Capability inventory: The skill has the capability to execute Python code for chart generation using libraries like matplotlib, pandas, and seaborn, and uses an external skill to create Word documents (DOCX).
- Sanitization: There is no mention of sanitization or validation of the data retrieved from external sources before it is processed by the agent or used in the report templates.
Audit Metadata