Skills
skills/alirezarezvani/claude-skills/cfo-review/Gen Agent Trust Hub

cfo-review

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts to perform financial calculations such as burn rate and unit economics.
  • Evidence: The skill calls python ../../../skills/cfo-advisor/scripts/burn_rate_calculator.py, unit_economics_analyzer.py, and fundraising_model.py as part of its primary workflow.
  • [PROMPT_INJECTION]: The skill ingests untrusted user data via the <plan> parameter, representing an indirect prompt injection surface.
  • Ingestion points: The input variable <plan> in the /cs:cfo-review command is processed by the agent.
  • Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present in the prompt instructions.
  • Capability inventory: The skill has the ability to execute shell commands (Python scripts) and write structured markdown output.
  • Sanitization: No evidence of input validation or sanitization is provided in the SKILL.md instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 10:30 AM