Skills
skills/auldsyababua/instructor-workflow/finance-manager/Gen Agent Trust Hub

finance-manager

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies (LOW): The documentation in SKILL.md and error handling in scripts/extract_pdf_data.py instruct users to install pandas and pdfplumber using the --break-system-packages flag. While these are legitimate packages, the skill relies on unversioned external downloads. This finding is downgraded from MEDIUM to LOW as the packages are essential for the skill's primary stated purpose.
  • Indirect Prompt Injection (LOW): The skill parses external documents (PDF, CSV, JSON) which can contain attacker-controlled text in transaction descriptions or categories.
  • Ingestion points: scripts/extract_pdf_data.py (PDF tables) and scripts/analyze_finances.py (CSV/JSON files).
  • Boundary markers: Absent. The scripts do not use delimiters or warnings to prevent the AI from interpreting data as instructions.
  • Capability inventory: The skill performs local file reading, data processing, and terminal output, but lacks network or system-altering capabilities.
  • Sanitization: Absent. The logic focuses on data types (float, date) but does not sanitize text fields for potential prompt injection patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 18, 2026, 12:01 AM