financial-document-parser
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted financial documents (PDFs, images), which are a known surface for indirect prompt injection attacks, where malicious instructions are embedded in the data.
  - Ingestion points: User-provided invoices, receipts, bank statements, and tax documents in PDF or image format.
  - Boundary markers: Absent. The instructions do not define delimiters or warnings for the agent to ignore instructions found within the parsed documents.
  - Capability inventory: No code execution or network capabilities are defined within the skill scripts (none provided).
  - Sanitization: Partial. The skill instructs the agent to mask sensitive account numbers, but does not provide instructions to filter or sanitize executable-like text from document content.
- [No Code] (SAFE): The skill consists entirely of instructional text and does not provide any scripts, binaries, or configuration files that execute logic on the host system.