conducting-cyber-risk-assessment-with-nist-800-30

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests and processes untrusted data from external JSON files to generate Markdown reports.
  • Ingestion points: The scripts/process.py script reads risk data from a user-provided file via the --input CLI argument.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the contents of the generated report as potentially untrusted data.
  • Capability inventory: The capabilities are highly restricted; the script only performs string formatting and basic arithmetic, with no access to network tools, shell execution, or arbitrary file system write capabilities.
  • Sanitization: Input values from the JSON data are not sanitized before being rendered into the final Markdown table.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:26 PM
Security Audit — agent-trust-hub — conducting-cyber-risk-assessment-with-nist-800-30