Skills
skills/fiscal-sh/fscl/fiscal/Gen Agent Trust Hub

fiscal

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill operates by executing the fscl command-line utility to manage budgeting tasks. This includes sensitive operations such as account creation, transaction modification, and bank data imports.
  • [CREDENTIALS_UNSAFE]: Instructions in the skill direct the agent to collect a server password from the user and pass it as a plaintext argument (--password <pw>) to the fscl login command. This can expose the password to local system users through process monitoring tools or shell history.
  • [REMOTE_CODE_EXECUTION]: The skill supports dynamic code execution via the fscl query --module command, which allows the agent to run JavaScript modules for advanced data reporting. While used for functional analysis, this capability allows for the execution of locally defined code.
  • [EXTERNAL_DOWNLOADS]: The skill references npx for initialization and for adding additional agent skills from the vendor's repository (e.g., npx skills add fiscal-sh/fscl). These represent external resource fetches aligned with the primary purpose of the vendor-provided tool.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 01:36 PM