Skills
skills/vivy-yi/finance-skills/investment-portfolio-review/Gen Agent Trust Hub

investment-portfolio-review

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security risks detected. The skill's behavior aligns with its documented purpose of investment analysis.
  • [DATA_EXPOSURE]: The skill identifies internal data sources labeled as [INVEST], [MARKET], and [ERP] and references a local configuration file (../../CLAUDE.md). Accessing these sources is necessary for the stated purpose of financial reporting and valuation updates.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from external sources (ERP/Market data). While this presents a theoretical attack surface where external data could attempt to influence the agent's behavior, the skill provides a highly structured reporting template that enforces specific data fields, reducing the risk of unintended instruction execution.
  • [COMMAND_EXECUTION]: No shell commands, subprocess spawns, or executable scripts were found in the skill content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 02:26 AM
Security Audit — agent-trust-hub — investment-portfolio-review