israeli-bituach-leumi
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious behavior, hardcoded credentials, or unauthorized data access patterns were detected. All external references target official Israeli government resources (btl.gov.il).
- [COMMAND_EXECUTION]: The skill utilizes a local Python utility (`scripts/calculate_benefits.py`) to process benefit estimations. The script is self-contained and performs purely mathematical operations using standard libraries.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8) related to its data processing workflow.
- Ingestion points: The agent ingests user-provided parameters such as monthly salary, age, and employment history from the conversation to calculate benefits.
- Boundary markers: There are no explicit instructions or delimiters defined to separate user-provided data from the operational instructions provided to the agent.
- Capability inventory: The skill uses the `Bash(python:*)` tool to execute the calculation script with user-derived arguments.
- Sanitization: The skill lacks explicit instructions for the agent to sanitize or escape user input before interpolating it into the shell command string used to run the calculator.
Audit Metadata