credit-risk-cot

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a robust and transparent methodology for financial analysis. All functionality aligns with the stated purpose of generating credit risk reasoning. No evidence of malicious intent, obfuscation, or unauthorized data access was found.\n- [COMMAND_EXECUTION]: The skill executes a local Python script scripts/validate_financial_data.py during its data confirmation phase. The script is included in the skill package and uses only standard libraries to perform arithmetic validation of financial statements (e.g., checking if assets equal liabilities). This is a legitimate functional requirement for the skill's domain.\n- [PROMPT_INJECTION]: The skill processes external, untrusted financial data (PDF/Excel reports), which constitutes an indirect prompt injection surface. This risk is mitigated by a strict 'read-before-write' workflow requiring the agent to confirm data scope before processing. Ingestion points include user-uploaded financial and credit documents. Boundary markers are established in the initial data confirmation and validation steps. The skill's capabilities are limited to local script execution and generating audit logs in a local directory, with no network-based data exfiltration capabilities. Sanitization is performed through mathematical consistency checks and strict instructions to avoid data fabrication or inference beyond the provided source material.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 06:41 AM
Security Audit — agent-trust-hub — credit-risk-cot