post-loan-management
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data, including customer-uploaded financial statements and credit records, during the automated risk assessment workflow. This creates a surface for indirect prompt injection where malicious instructions embedded within these documents could potentially influence agent behavior.
- Ingestion points: Data ingestion occurs at Workflow Steps 1 and 3 in
SKILL.md, where user-uploaded financial reports and customer files are parsed and passed to scripts. - Boundary markers: The skill does not explicitly utilize delimiters or instructions to ignore embedded prompts within the ingested data, although it implements a 'read-before-write' validation logic.
- Capability inventory: The skill possesses the capability to execute shell commands to run the bundled Python scripts (
scripts/validate_post_loan_data.py,scripts/check_fund_usage.py,scripts/calculate_financial_ratios.py,scripts/evaluate_risk_classification.py) across the workflow. - Sanitization: The validation scripts perform data integrity checks (e.g., balancing the balance sheet) but do not implement filtering or sanitization to prevent the agent from interpreting document content as natural language commands.
- [COMMAND_EXECUTION]: The workflow relies on executing local Python scripts via the shell to perform business logic calculations and compliance checks. While these scripts are part of the skill package, this pattern involves code execution based on processed data inputs.
Audit Metadata