invoice-organizer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted document content and possesses file system modification capabilities. 1. Ingestion points: Extracts data from PDF, JPG, and PNG files (SKILL.md). 2. Boundary markers: Absent; there are no delimiters or instructions to ignore embedded content within processed files. 3. Capability inventory: Includes
find,mkdir, andcpfor file system operations (SKILL.md). 4. Sanitization: Absent; extracted metadata is used directly in file paths without escaping or validation. - [Command Execution] (MEDIUM): Provides shell commands to be executed using data extracted from untrusted sources, creating a risk of path traversal or arbitrary file writes.
Recommendations
- AI detected serious security threats
Audit Metadata