fsi-spg-earnings-preview-single
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface due to its data ingestion and report generation pipeline. * Ingestion points: External data enters the agent context through Kensho search results (stored in kensho-findings.txt) and earnings call transcripts (stored in transcript-extracts.txt). * Boundary markers: The instructions lack explicit delimiters or specific warnings to the agent to disregard embedded instructions within the untrusted data. * Capability inventory: The skill is capable of executing shell commands (mkdir, cat), writing HTML files to the filesystem, and opening them in a browser using the open command. * Sanitization: There is no mechanism described for sanitizing or escaping the data fetched from external sources before it is interpolated into the HTML template.
- [EXTERNAL_DOWNLOADS]: The generated report template references external JavaScript libraries from a well-known service. * Evidence: The report-template.md file includes script tags for chart.js and chartjs-plugin-annotation hosted on the jsDelivr CDN (cdn.jsdelivr.net).
- [COMMAND_EXECUTION]: The skill uses shell commands to manage its internal data workflow. * Evidence: The SKILL.md instructions include mkdir -p /tmp/earnings-preview to initialize the workspace and multiple cat commands in Phase 7 to reload intermediate data into the agent's context for report generation.
Audit Metadata