finance-manager
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (SAFE): No network-capable code (e.g.,
requests,urllib,socket) or exfiltration patterns were detected. All sensitive financial data is processed on the local file system. - [EXTERNAL_DOWNLOADS] (SAFE): The skill requires standard Python packages
pandasandpdfplumber. The HTML report referenceschart.jsvia a standard CDN. These are reputable sources and standard practices for the skill's purpose. - [COMMAND_EXECUTION] (SAFE): Python scripts perform file system I/O to read input data and write reports. No
os.system,subprocess, orevalcalls involving user-provided transaction data were identified. - [PROMPT_INJECTION] (LOW):
- Ingestion points: The skill reads transaction data from user-provided PDF files via
extract_pdf_data.pyand CSV/JSON files viaanalyze_finances.py. - Boundary markers: Absent. The processing logic does not distinguish between financial data and potential instructions embedded within transaction descriptions.
- Capability inventory: The skill has file read and write capabilities, though it lacks direct shell or network access.
- Sanitization: None. Transaction descriptions from untrusted files are directly interpolated into JSON analysis results and HTML visualization templates, presenting a risk of indirect prompt injection or cross-site scripting (XSS) in the generated report.
Audit Metadata