payroll-calculation
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest and process data from external placeholders [PAYROLL] and [HR], as well as configuration from ../../CLAUDE.md.
- Ingestion points: Data is pulled from external payroll and HR data sources directly into the agent's context during execution.
- Boundary markers: The instructions do not define clear delimiters (such as XML tags or triple backticks) or provide explicit directions to ignore commands that might be embedded within the processed data.
- Capability inventory: The skill's primary function is to generate a detailed report. No dangerous subprocesses, file-write operations, or network calls are explicitly defined within this file.
- Sanitization: There is no instruction to sanitize, validate, or escape the external content before it is interpolated into the prompt for processing.
Audit Metadata