macro-policy-analysis
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists entirely of Markdown-based instructions and metadata. It does not include any Python scripts, Node.js code, shell scripts, or other executable binaries.
- [PROMPT_INJECTION]: The skill utilizes external data sources, including
web_searchand thegildata-aidatatool suite (e.g.,MacroNewslist,NewsInfoList), to fetch news and policy updates. This constitutes an indirect prompt injection surface where instructions hidden in external web content could potentially influence the agent's output. - Ingestion points: Data retrieved through
web_searchand variousgildata-aidatatools (vendor resources) mentioned in the 'Execution Flow' section of SKILL.md. - Boundary markers: There are no explicit delimiters or protective instructions provided to the agent to treat external content as untrusted data.
- Capability inventory: The skill has no capabilities for file system modification, network exfiltration, or code execution.
- Sanitization: No sanitization or validation mechanisms are implemented for the fetched data.
Audit Metadata