analyzing-financial-statements
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process untrusted external data (CSV, JSON, Excel), which creates an attack surface for indirect prompt injection where malicious instructions could be embedded in financial documents. Evidence Chain:
  1. Ingestion points: Financial statement data (income statement, balance sheet, cash flow) in CSV, JSON, Text, and Excel formats as described in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Mentions local calculation and interpretation scripts (calculate_ratios.py, interpret_ratios.py).
  4. Sanitization: Absent.
- NO_CODE (SAFE): No actual script files were provided in the skill package; the analysis is based solely on the markdown documentation and metadata.
Audit Metadata