cja-top-movers-watchlist
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's HTML report template references font assets from Google's well-known font hosting services.
- [COMMAND_EXECUTION]: The skill instructs the agent to create an HTML file in the temporary directory and uses the open command to display it to the user.
- [PROMPT_INJECTION]: The skill displays dimension and metric data retrieved from Customer Journey Analytics, which represents a surface for indirect prompt injection. 1. Ingestion points: Data entering through runReport tools in Phase 2. 2. Boundary markers: Absent. 3. Capability inventory: File-write to temporary directory and execution of the open command. 4. Sanitization: Absent.
Audit Metadata