financial-report-generation

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE, NO_CODE
Full Analysis
  • [SAFE]: The skill consists entirely of markdown instructions, templates, and workflow descriptions for financial analysis. There are no executable scripts, shell commands, or obfuscated payloads.
  • [NO_CODE]: No source code, scripts, or external dependencies (Python or Node.js) are included or referenced for installation.
  • [PROMPT_INJECTION]: The skill includes instructions to process data from external ERP and BI systems. While this presents a surface for indirect prompt injection if those systems contain malicious data, it is a standard functional requirement for the skill's stated purpose.
      • Ingestion points: ERP/BI system data (SKILL.md).
      • Boundary markers: None specified; the skill assumes direct processing of retrieved data.
      • Capability inventory: Report generation and structured data analysis.
      • Sanitization: No explicit sanitization or input validation logic is provided for the data being ingested.
  • [DATA_EXPOSURE]: The skill references a relative path ../../CLAUDE.md to load project-level configuration and formatting standards. This is a common pattern in development-oriented agent environments and does not constitute a security risk in this context.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 16, 2026, 02:26 AM