cja-top-movers-watchlist

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's HTML report template references font assets from Google's well-known font hosting services.
  • [COMMAND_EXECUTION]: The skill instructs the agent to create an HTML file in the temporary directory and uses the open command to display it to the user.
  • [PROMPT_INJECTION]: The skill displays dimension and metric data retrieved from Customer Journey Analytics, which represents a surface for indirect prompt injection. 1. Ingestion points: Data entering through runReport tools in Phase 2. 2. Boundary markers: Absent. 3. Capability inventory: File-write to temporary directory and execution of the open command. 4. Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 11:50 PM
Security Audit — agent-trust-hub — cja-top-movers-watchlist