banking-global-router
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill operates as an informational router for banking regulations, using static reference files for jurisdictions like the UK, EU, US, and others. All external URLs provided are well-known official domains for regulators and intergovernmental bodies (e.g., apra.gov.au, sbp.org.pk, bankofengland.co.uk, fatf-gafi.org).
- [NO_CODE]: The skill is entirely composed of Markdown-based instructions and reference datasets. It does not include any executable scripts, binaries, or software dependencies.
- [PROMPT_INJECTION]: The skill ingests untrusted user queries to identify regulatory terms (Ingestion point: SKILL.md Step 1). While no formal input sanitization is described, the risk is categorized as safe because the skill has no capability inventory of tools, shell commands, or network operations that could be abused. Boundary markers are utilized in the form of mandatory output headers, and the instructions include a fallback step to ask the user for clarification if the jurisdiction is ambiguous.
Audit Metadata