gather
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions specify the use of local scripts import_data.py and ledger.py to handle CSV imports and payment statement processing. These are presented as part of the intended tax-filing toolset.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill interacts with sensitive local tax data and configuration files (e.g., shinkoku.config.yaml, .shinkoku/progress/). Analysis shows all operations are restricted to the local file system with no identified network exfiltration or external data transfers.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from local progress files which could serve as an attack surface.
  - Ingestion points: Reads from .shinkoku/progress/02-assess.md and shinkoku.config.yaml to determine the current state.
  - Boundary markers: Absent; the agent reads the markdown and YAML content directly into context.
  - Capability inventory: File system read/write access and execution of local Python scripts (import_data.py, ledger.py).
  - Sanitization: Not explicitly defined in the instructions.
Audit Metadata