fsi-spg-funding-digest
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute several shell commands, including package management via
npm install, document conversion usingsoffice.py(LibreOffice) andpdftoppm, and content extraction throughmarkitdownfor quality assurance. - [EXTERNAL_DOWNLOADS]: The workflow requires downloading well-known Node.js packages (
simple-icons,sharp,pptxgenjs) from the public NPM registry to support logo processing and slide generation. - [REMOTE_CODE_EXECUTION]: The skill utilizes a dynamic execution pattern where it generates a JavaScript script at runtime using the
pptxgenjslibrary and executes it to produce the final document. This script incorporates data retrieved from external API sources. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests untrusted data from external financial records and processes it in a pipeline that involves reading the final output back into the agent's context.
- Ingestion points: Data enters the context via S&P Global tools such as
get_info_from_identifiersandget_rounds_of_funding_info_from_transaction_idsas described in SKILL.md. - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the external data interpolated into the slide or script.
- Capability inventory: The agent utilizes shell access (
npm,python), file system access to/home/claude/and/mnt/user-data/, and the ability to execute generated scripts. - Sanitization: No sanitization or validation logic is defined for strings retrieved from external APIs before they are included in the generated PowerPoint script or text fields.
Audit Metadata