skills/aliyun/qwen-dianjin/visit-memo/Gen Agent Trust Hub

visit-memo

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill includes comprehensive documentation (PROVENANCE.md and the provenance/ directory) that traces the development process from requirement analysis and expert interviews to regulatory alignment with banking guidelines. This level of transparency is a best practice for high-integrity AI skills.
  • [DATA_EXFILTRATION]: The skill accesses internal banking data via relative API endpoints (e.g., /api/customer/profile) through platform-provided system tools. It includes explicit data desensitization rules for sensitive information such as ID numbers and bank accounts, and does not perform unauthorized network operations to external domains.
  • [PROMPT_INJECTION]: The instructions contain strict operational constraints and 'Financial Compliance Redlines' (R1-R3) designed to prevent the AI from complying with requests to record fraudulent data or hide risk signals. These act as safety guardrails rather than malicious overrides.
  • [REMOTE_CODE_EXECUTION]: All provided scripts and templates are static or use standard Python libraries for local validation. There are no attempts to download or execute external code from remote sources.
  • [COMMAND_EXECUTION]: No shell commands, privilege escalation attempts, or dynamic context injection patterns (!command) were found in the skill's instructions or metadata.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 06:40 AM
Security Audit — agent-trust-hub — visit-memo