invoice-organizer
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill reads and processes content from untrusted user-provided files, creating a surface for indirect prompt injection.
  - Ingestion points: Text is extracted from PDF files using `pypdf` and from images using LLM vision capabilities.
  - Boundary markers: The skill does not implement delimiters or specific instructions to ensure extracted content is not interpreted as agent commands.
  - Capability inventory: The skill has permissions to scan, read, and move files on the local filesystem.
  - Sanitization: No sanitization or validation of the extracted text (e.g., merchant names or dates) is performed before it is used for organizational logic and file naming.
- [EXTERNAL_DOWNLOADS]: The skill installs standard Python libraries `pypdf` and `Pillow` from the official Python Package Index (PyPI) to support document and image processing.
Audit Metadata