portfolio-risk
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE] (SAFE): The skill file was thoroughly analyzed for malicious patterns, and none were detected. It primarily serves as a template for structuring financial data and metrics.
- [NO_CODE] (SAFE): There are no scripts, binaries, or references to external code packages within the skill metadata or content.
- [Indirect Prompt Injection] (SAFE): While the skill is designed to process external portfolio data, it lacks the necessary capabilities (such as shell access, file writing, or network egress) to facilitate an exploit. Evidence: 1. Ingestion points: User-provided portfolio holdings and weights enter the context during the 'Gather Portfolio Data' phase. 2. Boundary markers: Absent; the templates do not use specific delimiters to isolate external inputs. 3. Capability inventory: None; the skill does not use subprocesses, API calls, or file system modifications. 4. Sanitization: Absent; the skill relies on the AI model's baseline safety filters.
Audit Metadata