investor-update-generator
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a local productivity tool for validating markdown files. It does not perform network operations or access sensitive system files.
- [COMMAND_EXECUTION]: The skill utilizes a local Python script (
scripts/investor_update_validator.py) to analyze a user-provided file (update.md). This execution is restricted to the local environment and the script uses only standard Python libraries (argparse,json,re,sys,pathlib). - [INDIRECT_PROMPT_INJECTION]: The skill processes external text data (investor update drafts).
- Ingestion points: The
investor_update_validator.pyscript reads the content of a user-specified markdown file. - Boundary markers: The skill does not explicitly use boundary markers when presenting the validator's output to the agent.
- Capability inventory: The script's capabilities are limited to reading local files and printing structural analysis to standard output. It lacks network, shell execution (beyond being called by the agent), or file-write permissions.
- Sanitization: The script performs regex-based pattern matching for structural validation but does not execute or interpret the content of the markdown file as code or instructions.
Audit Metadata