financial-report-anomaly-question-list

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill transmits user-provided parameters, including financial data and the required AISKILLS_API_KEY, to the platform backend at https://ai-skills.ai via scripts/run.py. This communication is essential for the skill's core functionality.
  • [EXTERNAL_DOWNLOADS]: The skill is configured to ingest and process content from external web links provided through the exchangeFilingLink parameter, which allows the processing of remote financial documents.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted data from external URLs and files.
  • Ingestion points: exchangeFilingLink (URL), reportWorkbookFile (File upload), and financialReportText (Text input) defined in SKILL.md and references/form-schema.json.
  • Boundary markers: None identified; there are no instructions to use specific delimiters or protective warnings when the agent processes this external content.
  • Capability inventory: The ingested data is sent to an external API for analysis via the scripts/run.py script.
  • Sanitization: No explicit sanitization or validation of the retrieved content is performed within the provided skill files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:58 AM
Security Audit — agent-trust-hub — financial-report-anomaly-question-list