regulatory-reporting
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of instructional markdown and reporting templates. It does not contain any executable scripts, binaries, or command-line operations.
- [DATA_EXPOSURE]: The skill is designed to handle sensitive financial metrics (revenue, profit, assets, etc.) by fetching them from an ERP system. This behavior is consistent with the stated purpose of regulatory reporting and does not involve unauthorized exfiltration.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external sources (ERP). While no specific vulnerability was found, processing external data without explicit boundary markers in the template is noted as a standard architectural risk for indirect injection if the source data is compromised.
- [COMMAND_EXECUTION]: There are no shell commands or system calls present. The interaction with the ERP system is described as a logical data fetching step rather than a scripted command.
Audit Metadata