research

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches parliamentary session transcripts and official journal data from the author's API at parlamento.ai.
  • [COMMAND_EXECUTION]: Uses curl to interact with data endpoints and to send generated HTML content to a PDF rendering service hosted on Google Cloud Run (source-worker-876875904047.us-central1.run.app).
  • [DATA_EXPOSURE]: Uses an environment variable $PARLAMENTO_API_KEY for authorization, which is the standard secure method for handling credentials in this environment.
  • [PROMPT_INJECTION]: The skill processes external parliamentary data, which presents an attack surface for indirect prompt injection. However, the skill implements a strict multi-phase validation process (Source Inventory and Metrics Validation) to ensure the agent's analysis remains grounded in the provided data.
      • Ingestion points: Parliamentary transcripts and Official Journal data fetched from https://parlamento.ai/api/external/research/* (Phase 3).
      • Boundary markers: Absent in the prompts.
      • Capability inventory: Local file writing (Write tool to /tmp/report.html) and network requests via curl to transmit data to the PDF generator.
      • Sanitization: Absent; content is analyzed by the LLM and formatted into a template before PDF generation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 2, 2026, 03:29 AM