standard-cost-variance
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to process data from external systems ([ERP]/[COST]/[MES]). This creates an indirect prompt injection surface where malicious data within these systems could theoretically attempt to influence agent output. However, the skill lacks dangerous capabilities such as file system writes or subprocess execution, limiting the risk.
- Ingestion points: Data fetched from [ERP]/[COST]/[MES] systems and local configuration from ../../CLAUDE.md.
- Boundary markers: None identified in the prompt templates to distinguish between instructions and data.
- Capability inventory: None. The skill only performs calculations and generates reports within the LLM context.
- Sanitization: None mentioned for external data.
- [SAFE]: No malicious code, obfuscation, or persistence mechanisms were detected. The skill's behavior is consistent with its stated purpose of financial analysis.
Audit Metadata