investor-relations

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary purpose is document generation and financial analysis based on user-provided data. No high-risk behaviors or security violations were identified during the analysis.\n- [COMMAND_EXECUTION]: The skill integrates with the mcp__sequential-thinking__sequentialthinking tool. This is a legitimate use of the Model Context Protocol to handle complex, multi-step financial reasoning and does not pose a security risk in this context.\n- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted business data provided by the user, which presents a theoretical injection surface.\n
  • Ingestion points: Untrusted data enters via user prompts describing business metrics (e.g., ARR, MAU) and through existing documents copied into the _workspace/ directory as described in references/financial-modeler.md.\n
  • Boundary markers: Absent. The instructions do not define specific delimiters or instructions to ignore embedded commands within the user data.\n
  • Capability inventory: The skill utilizes sequential thinking tools and performs file-write operations within its designated _workspace/ to store intermediate and final reports as mentioned in SKILL.md and its references.\n
  • Sanitization: Absent. There is no mention of input validation or escaping for the ingested financial data; the skill is instructed to accept provided formats as-is.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 08:11 PM
Security Audit — agent-trust-hub — investor-relations