money-report
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or high-risk command executions were detected. The skill primarily performs local file management and text processing.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it reads and merges content from external markdown files located in ~/.smtm/sessions/{project}/. If these files contain malicious instructions, the agent might attempt to follow them when generating the report.
  - Ingestion points: Snapshot markdown files found in ~/.smtm/sessions/{project}/.
  - Boundary markers: The instructions do not specify using delimiters (like XML tags) or safety warnings to encapsulate the content read from files.
  - Capability inventory: The skill is limited to local file system read and write operations. It has no network access or shell execution tools listed.
  - Sanitization: There is no mention of sanitizing or escaping the content from the snapshot files before inclusion in the final report.
Audit Metadata