financial-data
Warn
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill's configuration guide recommends using a CORS proxy via
VITE_CORS_PROXY_URLand explicitly suggests public fallbacks likecorsproxy.ioandallorigins.win. Since the skill handles sensitive credentials such asIB_TOKENand detailed financial records, routing this traffic through unvetted third-party proxies creates a risk of data and credential interception. - [EXTERNAL_DOWNLOADS]: The skill retrieves data from several external services, including IBKR Flex Query API, Gmail for transaction confirmations, and Google Drive for spreadsheet files.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection by ingesting and parsing untrusted content from external email bodies and user-uploaded files.
- Ingestion points: Gmail message content and CSV/Excel files from Google Drive.
- Boundary markers: Absent; the skill does not appear to use delimiters or specific instructions to isolate external data from the agent's command logic during processing.
- Capability inventory: The skill has the ability to write to a remote database (Supabase) via the
syncIBKRToSupabasefunction and read external file content. - Sanitization: While the code snippets show data validation for financial formats (tickers, dates), there is no evidence of sanitization to prevent embedded LLM instructions in the ingested text.
Audit Metadata