billing-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill references the
stripePython library for payment handling and thereportlablibrary for PDF generation. Both are well-known and trusted resources for their respective functions.\n- [PROMPT_INJECTION]: Vulnerabilities to indirect prompt injection exist in theInvoice.to_htmlandDunningManager.send_emailmethods withinresources/implementation-playbook.md. These methods interpolate customer-controlled data, such as names and addresses, directly into HTML and email templates using string formatting without sanitization or escaping.\n - Ingestion points:
InvoiceandDunningManagerclasses inresources/implementation-playbook.md(processing customer identity and location data).\n - Boundary markers: None implemented to delimit untrusted external data.\n
- Capability inventory: Includes financial transaction processing via
stripe.Charge.createand automated communication viasend_email.\n - Sanitization: No escaping or validation is performed on inputs before interpolation into templates.
Audit Metadata