company-one-page-analysis
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data retrieved via
web_searchto identify business highlights, catalysts, and risks. - Ingestion points: External data enters the context through
web_searchqueries (Steps 1, 4, and 5 in SKILL.md). - Boundary markers: The instructions do not define clear delimiters or "ignore instructions" wrappers for the data fetched from the web before it is processed by the agent.
- Capability inventory: The skill has access to financial data tools (
gildata-aidata), business information services (asset-service), and general web search. It does not possess high-risk capabilities like local file system writes or arbitrary shell execution. - Sanitization: There are no explicit instructions to sanitize, filter, or validate the content of the search results before incorporating them into the final analysis report.
Audit Metadata