furusato
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from external receipt images which are processed via an OCR sub-skill.
  - Ingestion points: Image files listed via Glob and processed by the `/reading-receipt` skill (SKILL.md Step 1-2).
  - Boundary markers: The skill relies on a structured output block (`---FURUSATO_RECEIPT_DATA---`) to parse data (SKILL.md Step 1-2).
  - Capability inventory: Executes local CLI commands `shinkoku furusato add` and `shinkoku tax furusato-limit` (SKILL.md Steps 2 and 4).
  - Sanitization: Implements a robust 'User-in-the-loop' verification step (Step 1-3) where extracted data must be confirmed or corrected by the user before being passed to executable tools.