personal-finance-coach
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies an attack surface for indirect prompt injection as it processes external data from the web. \n
- Ingestion points: The skill utilizes
mcp__firecrawl__firecrawl_searchandWebFetchto retrieve content from external URLs. \n - Boundary markers: No explicit delimiters or instructions are provided to help the agent distinguish between its core instructions and potentially malicious commands embedded in fetched web content. \n
- Capability inventory: The agent has access to powerful tools including
Bash,Write, andEdit, which could be misused if an indirect injection is successful. \n - Sanitization: No sanitization or validation of external data is specified in the skill's instructions. \n- [COMMAND_EXECUTION]: The skill uses the
Bashtool for environment setup. \n - Evidence: The skill executes
pip install numpy scipy pandasto install well-known and trusted quantitative libraries. This is a standard and safe operation for a financial analysis skill.
Audit Metadata