ib-pitch-book
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security threats or malicious patterns were identified in the skill instructions, reference files, or HTML templates.
- [PROMPT_INJECTION]: The skill processes untrusted external data (filings, scraped pages, PDFs) but implements defenses against indirect prompt injection.
  1. Ingestion points: External filings and documents (SKILL.md).
  2. Boundary markers: Instructs agent to treat all external sources as untrusted evidence (SKILL.md).
  3. Capability inventory: No dangerous commands in the skill code.
  4. Sanitization: Explicit instructions to ignore embedded commands (compliance.md).
- [DATA_EXFILTRATION]: No exfiltration patterns or hardcoded credentials found; the workflow includes specific rules for protecting sensitive management-provided data (MNPI).
- [EXTERNAL_DOWNLOADS]: Mentions external workflow sources from a trusted organization for attribution purposes, which does not pose a security risk.
Audit Metadata