subscription-audit
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- DATA_EXFILTRATION (LOW): The skill is designed to search for and extract sensitive financial information including invoices, payment receipts, and billing notifications from Gmail and Slack. This represents a data exposure risk, although it is the primary intended function of the skill.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection because it reads and processes raw, untrusted content from external messages.
  1. Ingestion points: Gmail threads and Slack messages via MCP tools.
  2. Boundary markers: Absent; there are no instructions for the agent to treat external content as untrusted.
  3. Capability inventory: Command execution (manus-mcp-cli, python3) and file system access for writing reports.
  4. Sanitization: Absent; content is extracted via regular expressions and written directly to summary files.
- COMMAND_EXECUTION (SAFE): The skill executes a local Python script and MCP tools to perform its tasks, which is standard for its described workflow.
Audit Metadata