e-tax
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes
playwright-cliandbrowser_subagentto automate browser navigation and form entry on external websites. - [DATA_EXFILTRATION]: The skill handles and transmits highly sensitive personally identifiable information (PII) and financial records, including Japanese 'My Number' identifiers and bank account details, to the National Tax Agency's domain (
keisan.nta.go.jp). - [COMMAND_EXECUTION]: The script
scripts/etax-stealth.jsis used to evade website security controls and anti-bot measures. It spoofs browser environment properties such asnavigator.platform,userAgent, andnavigator.webdriver, and patches server-side generated JavaScript functions likegetClientOS()to bypass OS-based access restrictions. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection via the data it processes.
- Ingestion points: Reads tax calculations and status data from local files such as
.shinkoku/progress/07-income-tax.md. - Boundary markers: The skill lacks explicit boundary markers or 'ignore' instructions when interpolating data from these files into its browser automation logic.
- Capability inventory: The agent possesses extensive capabilities, including arbitrary browser interaction and the ability to write progress files to the local filesystem.
- Sanitization: No evidence of sanitization or validation for content read from progress files was found.
- [SAFE]: The skill instructions contain explicit safety guardrails that prevent the AI from autonomously clicking the final submission button or performing QR code authentication, requiring these high-stakes actions to be performed manually by the user.
Audit Metadata