visit-memo
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill includes comprehensive documentation (PROVENANCE.md and the provenance/ directory) that traces the development process from requirement analysis and expert interviews to regulatory alignment with banking guidelines. This level of transparency is a best practice for high-integrity AI skills.
- [DATA_EXFILTRATION]: The skill accesses internal banking data via relative API endpoints (e.g., /api/customer/profile) through platform-provided system tools. It includes explicit data desensitization rules for sensitive information such as ID numbers and bank accounts, and does not perform unauthorized network operations to external domains.
- [PROMPT_INJECTION]: The instructions contain strict operational constraints and 'Financial Compliance Redlines' (R1-R3) designed to prevent the AI from complying with requests to record fraudulent data or hide risk signals. These act as safety guardrails rather than malicious overrides.
- [REMOTE_CODE_EXECUTION]: All provided scripts and templates are static or use standard Python libraries for local validation. There are no attempts to download or execute external code from remote sources.
- [COMMAND_EXECUTION]: No shell commands, privilege escalation attempts, or dynamic context injection patterns (!
command) were found in the skill's instructions or metadata.
Audit Metadata