biz-health-check

Warn

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/biz_health_check.py utilizes importlib.util to dynamically locate, load, and execute Python modules based on computed file paths.
  • Evidence: The _load function in scripts/biz_health_check.py constructs file paths using the repository root and a predefined map of sibling skills (_SIBLINGS), then uses spec.loader.exec_module(module) to execute the code contained in those files.
  • [PROMPT_INJECTION]: The skill accepts user-provided business data and interpolates it into calls for six different sub-modules, representing an indirect prompt injection surface.
  • Ingestion points: User inputs for business number (b_no), company name (name), and region (region) enter the agent context via CLI arguments.
  • Capability inventory: The skill has the capability to execute multiple internal scripts (nts_business_registration.py, national_pension_workplace.py, etc.) using these inputs.
  • Boundary markers: No delimiters or "ignore embedded instructions" warnings are used when passing these inputs to the helper functions.
  • Sanitization: While the business registration number is validated against a 10-digit numeric regex, the name and region inputs are only stripped of whitespace and not otherwise sanitized before being passed to sub-modules.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 15, 2026, 04:43 AM
Security Audit — agent-trust-hub — biz-health-check