PortfolioSyncing
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- Data Exposure & Exfiltration (MEDIUM): The skill reads highly sensitive financial files, including `Portfolio_Positions_*.csv` and `Balances_for_Account_*.csv`, from the local `notebooks/updates/` directory and transmits this data to a remote Google Sheets spreadsheet via tool calls.
- Indirect Prompt Injection (MEDIUM): The workflow is vulnerable to indirect prompt injection via manipulated CSV files.
  1. Ingestion points: Local CSV files in `notebooks/updates/`.
  2. Boundary markers: Absent; data is extracted and interpolated directly into tool parameters.
  3. Capability inventory: `mcp__gdrive__sheets` update operations.
  4. Sanitization: Absent; the agent processes CSV column data without validation.
- Safe Practices (INFO): The workflow implements 'Safety Checks' in Step 5, requiring explicit user confirmation before proceeding with updates that exceed specific thresholds, such as ticker counts or percentage changes in cost basis.
Audit Metadata