investment-compliance-check
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE]: The skill consists entirely of instructional text and report templates. It does not include any scripts, binaries, or executable commands.
- [DATA_EXPOSURE]: The skill instructions specify reading a local configuration file (
../../CLAUDE.md) to obtain investment policies and authorization matrices. This is a standard pattern for context loading within the agent's environment and does not involve exfiltration or unauthorized access to sensitive system files. - [INDIRECT_PROMPT_INJECTION]: The skill defines a surface for processing untrusted user data (investment details like project names and amounts).
- Ingestion points: Investment project details provided by the user in Step 1.
- Boundary markers: Absent.
- Capability inventory: None. The skill does not possess capabilities for network access, shell execution, or file writing.
- Sanitization: Absent.
- Note: Because the skill lacks any dangerous capabilities, the risk associated with this ingestion surface is negligible.
Audit Metadata