biz-health-check
Warn
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/biz_health_check.pyutilizesimportlib.utilto dynamically locate, load, and execute Python modules based on computed file paths. - Evidence: The
_loadfunction inscripts/biz_health_check.pyconstructs file paths using the repository root and a predefined map of sibling skills (_SIBLINGS), then usesspec.loader.exec_module(module)to execute the code contained in those files. - [PROMPT_INJECTION]: The skill accepts user-provided business data and interpolates it into calls for six different sub-modules, representing an indirect prompt injection surface.
- Ingestion points: User inputs for business number (
b_no), company name (name), and region (region) enter the agent context via CLI arguments. - Capability inventory: The skill has the capability to execute multiple internal scripts (
nts_business_registration.py,national_pension_workplace.py, etc.) using these inputs. - Boundary markers: No delimiters or "ignore embedded instructions" warnings are used when passing these inputs to the helper functions.
- Sanitization: While the business registration number is validated against a 10-digit numeric regex, the
nameandregioninputs are only stripped of whitespace and not otherwise sanitized before being passed to sub-modules.
Audit Metadata