invoice-organizer

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE [PROMPT_INJECTION] [COMMAND_EXECUTION]
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data from invoices and receipts to extract information, which creates a risk of indirect prompt injection. Malicious text embedded within a document could attempt to hijack the agent's logic during the extraction or organization phase.
      • Ingestion points: Steps 1 and 2 in SKILL.md describe scanning folders and extracting text from PDFs and images (receipts).
      • Boundary markers: No specific delimiters or "ignore instructions" warnings are defined for the extracted content.
      • Capability inventory: The skill uses find, mkdir, cp, and mv commands. It also includes instructions for generating and setting up folder-watching scripts.
      • Sanitization: There is no evidence of sanitization or escaping of the extracted strings before they are used in filenames or CSV reports.
  • [COMMAND_EXECUTION]: The skill uses shell commands to manipulate the file system. While these are intended for organization (creating directories, copying/moving files), they operate on paths derived from potentially untrusted data extracted from invoices.
  • [REMOTE_CODE_EXECUTION]: The 'Automation Setup' section instructs the agent to create and implement scripts for folder monitoring. While intended for local automation, this involves the generation and execution of new code based on the skill's logic.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 07:55 AM