cost-center-performance
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [NO_CODE]: The skill is composed entirely of Markdown documentation and templates. It does not contain any executable scripts, shell commands, or code-based logic.
- [SAFE]: No evidence of malicious intent was found. The instructions focus on legitimate financial analysis tasks such as calculating variances and evaluating efficiency metrics.
- [PROMPT_INJECTION]: The skill involves ingesting data from external sources and local configuration files, which presents a surface for indirect prompt injection.
- Ingestion points: Data retrieved from ERP, COST, and MES systems, as well as the ../../CLAUDE.md file.
- Boundary markers: The skill does not define specific delimiters or warnings to ignore embedded instructions in the ingested data.
- Capability inventory: No risky capabilities (e.g., subprocess execution, network requests, file writes) are present in this skill.
- Sanitization: There are no instructions for sanitizing or validating the ingested content.
- Since the skill lacks executable capabilities, this surface does not pose a significant security risk.
Audit Metadata