fsi-er-earnings-analysis
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process data from external, untrusted sources, creating an attack surface for indirect prompt injection.\n
- Ingestion points: Phase 1 of the workflow in
references/workflow.mdspecifies collecting data via web search, SEC EDGAR, Seeking Alpha, and investor relations websites.\n - Boundary markers: The instructions do not specify the use of delimiters or clear separation between system instructions and untrusted external content.\n
- Capability inventory: The skill utilizes Python (
matplotlib,pandas,seaborn) for chart generation and a DOCX creation tool as noted inSKILL.md.\n - Sanitization: There is no explicit requirement for the validation or sanitization of the retrieved external financial content before it is processed.\n- [DYNAMIC_EXECUTION]: The skill uses Python libraries for data processing and visualization.\n
- The
SKILL.mdfile identifiesmatplotlib,pandas, andseabornas dependencies used for generating the 8-12 charts required for the report.\n- [EXTERNAL_DOWNLOADS]: The skill requires the agent to perform extensive web searches and retrieve data from external domains.\n - The workflow directs the agent to access well-known financial data sources such as SEC.gov and Seeking Alpha, as well as company-specific investor relations portals.
Audit Metadata