israeli-bituach-leumi
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Potential for indirect prompt injection via untrusted user data. * Ingestion points: User-provided inputs (e.g., salary, age, and employment duration) are used as arguments for the calculation script in
SKILL.md. * Boundary markers: Absent; the skill does not provide delimiters or specific instructions to ignore embedded instructions in user data. * Capability inventory: The skill utilizesBash(python:*)viaallowed-toolsto execute the bundledscripts/calculate_benefits.pyscript. * Sanitization: Absent; the skill does not explicitly sanitize or validate user inputs before they are interpolated into shell commands. - [SAFE]: All external URLs reference official Israeli government domains (e.g.,
btl.gov.il,taasuka.gov.il) or reputable legal information portals (e.g.,kolzchut.org.il). - [SAFE]: The included Python script (
scripts/calculate_benefits.py) is a local, auditable utility that performs arithmetic calculations without network or file system access.
Audit Metadata