sbiz365-analyst

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external data from user-provided PDF reports, which creates an indirect prompt injection surface.
  • Ingestion points: Content is extracted from external PDFs (Step 2 in SKILL.md) to perform market analysis.
  • Boundary markers: There are no instructions to wrap extracted content in delimiters or provide 'ignore embedded instructions' warnings for the agent.
  • Capability inventory: The skill utilizes moai-office:docx-generator to create persistent Word documents and ai-slop-reviewer to modify content based on the analysis results.
  • Sanitization: No explicit sanitization or validation of the text extracted from the PDFs is defined before it influences the agent's reasoning or the final document generation.
  • [COMMAND_EXECUTION]: The documentation in references/report-template.md includes a hardcoded local filesystem path for saving reports (/Users/goos/Documents/Claude/Projects/상권분석/). Directing an agent to interact with specific user-named directories can lead to unintended filesystem access or errors if the agent's environment does not match the hardcoded template path.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 08:11 PM
Security Audit — agent-trust-hub — sbiz365-analyst