graph-query

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Detected an attack surface for indirect prompt injection where untrusted data from the knowledge graph enters the agent's context.
      • Ingestion points: Data is ingested from the Neo4j database (reports, research, and market data) in scripts/run_query.py via the query() function and printed to standard output.
      • Boundary markers: None. Retrieved content is printed directly to the terminal without delimiters or instructions to the agent to treat the content as data rather than instructions.
      • Capability inventory: The skill is permitted to use Bash to execute python3 scripts as specified in the allowed-tools section of SKILL.md.
      • Sanitization: There is no evidence of sanitization, filtering, or instruction-escaping for the data retrieved from the knowledge graph.
  • [COMMAND_EXECUTION]: The skill uses Bash(python3 *) to execute its internal query logic. This is an expected pattern for local script-based skills and is scoped to the skill's specific directory.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 25, 2026, 08:22 AM