fsi-strip-profile
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data which could contain malicious instructions designed to influence the agent's behavior.
- Ingestion points: Company filings (BamSEC, SEC EDGAR), investor presentations, corporate websites, and news/press releases (SKILL.md).
- Boundary markers: None identified; external content is not wrapped in protective delimiters.
- Capability inventory: The skill executes shell commands (
soffice,pdftoppm) and performs web research (SKILL.md). - Sanitization: No validation or sanitization of external data is specified before it is processed into slides.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to facilitate document conversion and visual verification.
- Evidence: The workflow requires running
soffice --headless --convert-to pdfandpdftoppmto generate slide previews. - [DATA_EXFILTRATION]: While primary data flow is for research, the skill accesses external financial platforms. This is documented as a standard function of the skill's purpose for financial analysis.
Audit Metadata