personal-finance
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Python script generation and execution via `python3 -c` for record management and directory setup. This represents runtime dynamic execution of logic derived from templates.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by reading transaction data from a local file that could contain malicious instructions.
  - Ingestion points: `~/Documents/xiaodazi_finance/records.json` (accessed during report generation)
  - Boundary markers: None present in the logic to delimit data from instructions.
  - Capability inventory: Local file system access (read/write), shell command execution, and Python logic execution.
  - Sanitization: No sanitization or validation of fields like 'category' or 'description' is performed before data is processed.
- [SAFE]: The skill's data operations are restricted to the local file system. No network requests, external downloads, or exfiltration patterns were identified during the analysis.
Audit Metadata