company-one-page-analysis

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data retrieved via web_search to identify business highlights, catalysts, and risks.
  • Ingestion points: External data enters the context through web_search queries (Steps 1, 4, and 5 in SKILL.md).
  • Boundary markers: The instructions do not define clear delimiters or "ignore instructions" wrappers for the data fetched from the web before it is processed by the agent.
  • Capability inventory: The skill has access to financial data tools (gildata-aidata), business information services (asset-service), and general web search. It does not possess high-risk capabilities like local file system writes or arbitrary shell execution.
  • Sanitization: There are no explicit instructions to sanitize, filter, or validate the content of the search results before incorporating them into the final analysis report.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 06:40 AM
Security Audit — agent-trust-hub — company-one-page-analysis