QuickBooks Automation
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The author name 'Claude Office Skills' is deceptive as it suggests the skill is an official product of Anthropic, whereas the author context indicates it originates from 'intelli-train-ai'. This can lead to a false sense of security regarding the skill's origin and safety.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources and uses it to drive actions via QuickBooks tools.
  - Ingestion points: External data enters the system through transaction records, customer information, email-forwarded receipts, and mobile app captures (referenced in SKILL.md).
  - Boundary markers: The configuration lacks explicit delimiters or instructions to prevent the agent from executing commands embedded in the processed data.
  - Capability inventory: The skill provides tools to create and modify financial records, including invoices, expenses, and customer profiles (qb_invoice, qb_expense, qb_customer, qb_reports).
  - Sanitization: No input validation or sanitization protocols are defined for the data processed by the skill.