afa-dashboard
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates entirely within a business analysis context, focusing on KPIs and data health. It explicitly prohibits the use of personal financial information or unauthorized data in its SKILL.md preamble.
- [SAFE]: No obfuscation, malicious URLs, or suspicious encoding techniques were detected in any of the skill's instruction files or reference materials.
- [SAFE]: The skill recommends several well-known and trusted third-party services for data integration (e.g., Shopify, GA4, Meta Ads, Klaviyo). These are recognized as legitimate industry tools and do not represent a security risk.
- [SAFE]: The skill has a surface for indirect prompt injection because it ingests data from external files. However, the risk is mitigated by the analytical nature of the skill.
- Ingestion points: Data is loaded from files in the brand-brain/ directory, including products.md, learnings.jsonl, stack.md, and metrics.md.
- Boundary markers: The instructions do not define explicit boundary markers for ingested content, but the data is used for structured reporting and KPI calculations.
- Capability inventory: The skill does not possess high-risk capabilities such as arbitrary shell execution, system-level file modification, or network operations to unknown domains.
- Sanitization: The skill focuses on extracting numerical and structural data for analysis rather than interpreting free-form text as executable instructions, which significantly lowers the risk of injection.
Audit Metadata