reading-payment-statement
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a custom CLI utility `shinkoku` to perform text extraction and image conversion on PDF files. These commands (`shinkoku pdf extract-text` and `shinkoku pdf to-image`) are used for the primary purpose of document digitizing.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted external documents.
  - Ingestion points: File contents processed via `shinkoku` and the `Read` tool in `SKILL.md`.
  - Boundary markers: The skill defines output boundaries but lacks specific instructions to disregard instructions found within the input images or PDFs.
  - Capability inventory: Execution of shell commands (`shinkoku`) and file system access.
  - Sanitization: No input sanitization or filtering of extracted text is mentioned before the data is processed by the model.
- [SAFE]: The skill implements a security-positive 'dual verification' pattern, requiring two independent agents to agree on extracted values, which mitigates risks of data hallucination or manipulation.
Audit Metadata