memo-builder
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Internal Command Execution: The skill is configured to execute local Python scripts, specifically user_context_preflight.py and validate_payload.py, to manage session context and validate data integrity. These operations are restricted to internal skill paths and are used for operational consistency.
- Indirect Prompt Injection Surface: The skill ingests untrusted external data from sources like company filings, earnings transcripts, and web search results. This creates a potential surface for indirect prompt injection, where malicious instructions embedded in documents could attempt to influence the agent's behavior.
- Ingestion points: Data enters the context via company_filings_ir, earnings_transcripts_presentations, and web search connectors described in SKILL.md and references/source-policy.md.
- Boundary markers: The skill utilizes references/source-policy.md to define source priority and facts vs. assumptions, though explicit 'ignore instruction' delimiters for raw content are not defined in the provided files.
- Capability inventory: The agent can execute shell commands (python scripts), generate HTML artifacts, and interact with various financial support tools.
- Sanitization: The workflow incorporates a quality check via validate_payload.py and the references/quality-workflow.md to ensure evidence is sourced and numerically auditable.
Audit Metadata