israeli-bituach-leumi

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Potential for indirect prompt injection via untrusted user data. * Ingestion points: User-provided inputs (e.g., salary, age, and employment duration) are used as arguments for the calculation script in SKILL.md. * Boundary markers: Absent; the skill does not provide delimiters or specific instructions to ignore embedded instructions in user data. * Capability inventory: The skill utilizes Bash(python:*) via allowed-tools to execute the bundled scripts/calculate_benefits.py script. * Sanitization: Absent; the skill does not explicitly sanitize or validate user inputs before they are interpolated into shell commands.
  • [SAFE]: All external URLs reference official Israeli government domains (e.g., btl.gov.il, taasuka.gov.il) or reputable legal information portals (e.g., kolzchut.org.il).
  • [SAFE]: The included Python script (scripts/calculate_benefits.py) is a local, auditable utility that performs arithmetic calculations without network or file system access.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 06:29 AM
Security Audit — agent-trust-hub — israeli-bituach-leumi