business-case
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill uses WebFetch and WebSearch tools to collect external data for financial research, creating a surface for potential indirect prompt injection. (1) Ingestion points: WebFetch and WebSearch tool outputs. (2) Boundary markers: Absent. (3) Capability inventory: Tools are limited to Read, Glob, Grep, WebFetch, and WebSearch. (4) Sanitization: No explicit sanitization or filtering logic is present.
- [DYNAMIC_EXECUTION]: The skill contains static Python code snippets in rules/business-roi.md for calculating financial metrics using the scipy library. This is a low-risk, intended feature for mathematical analysis that does not execute untrusted external code.
Audit Metadata