investment-results-collector
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- No Code (SAFE): The skill consists entirely of markdown instructions and does not include any scripts, executables, or code blocks intended for direct execution.
- Indirect Prompt Injection (LOW): The skill acts as a data pipeline that ingests and persists untrusted content.
- Ingestion points: The skill collects 'Original user query' and 'Agent output' as defined in the collection workflow and storage schema.
- Boundary markers: The instructions do not specify the use of delimiters or markers to isolate untrusted user or agent content within the generated markdown and JSON files.
- Capability inventory: The skill facilitates file-write operations to the local
.agent-results/directory. - Sanitization: There is no requirement or instruction for sanitizing or escaping the content of agent outputs before they are archived.
Audit Metadata