fsi-ib-datapack-builder
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFEPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [SAFE]: Comprehensive analysis of the instructions and provided patterns reveals no malicious intent, such as credential harvesting, unauthorized network communication, or persistence mechanisms. The skill focuses strictly on the legitimate task of financial data normalization and reporting.
- [PROMPT_INJECTION]: The skill's primary function involves processing untrusted external data (CIMs, SEC filings, web searches), which presents an indirect prompt injection surface. The risk is mitigated by the skill's specific focus on structured financial data extraction.
- Ingestion points: Accesses information from uploaded documents, web search results, and MCP server data in Phase 1.
- Boundary markers: Not explicitly defined in the prompt; there are no instructions to use specific delimiters or ignore embedded instructions in source text.
- Capability inventory: Uses the
xlsxtool for file creation and web search tools for data retrieval. - Sanitization: No specific sanitization, escaping, or validation logic for the extracted text is described beyond normalization of accounting line items.
- [REMOTE_CODE_EXECUTION]: The skill provides Python-like logic templates to guide the agent in managing row references and formulas when using the
xlsxtool. This is a safe application of script generation from templates to ensure the accuracy of the generated Excel files and does not involve executing untrusted code.
Audit Metadata