datapack-builder
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- Document Processing Workflow: The skill is designed to ingest and analyze financial documents such as SEC filings, CIMs, and offering memorandums. It extracts and normalizes this data into a structured Excel format using the xlsx tool, which is consistent with its stated purpose of building professional financial reports.
- External Data Access: The skill utilizes web search and MCP server access to gather necessary financial information. These are standard capabilities for financial research and do not involve unauthorized data exfiltration or access to sensitive system files.
- Structured Data Creation: The instructions emphasize formula-based calculations, standardized formatting, and traceability to source documents. These practices are aligned with financial modeling best practices and ensure data integrity within the generated workbooks.
- Indirect Prompt Injection Surface: As a data-processing tool, the skill naturally ingests untrusted data from external sources (Step 1.1) and has the capability to write to files (Step 3). While this creates an attack surface common to all such skills, the instructions focus on standard financial analysis and documentation without exhibiting suspicious logic.
Audit Metadata