invoice-organizer
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell utilities (find, mkdir, cp, mv) to manage, copy, and rename files within the user's directory structure as part of its core organization logic.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it is designed to ingest and act upon data extracted from untrusted external documents (invoices and receipts).
  - Ingestion points: Text extraction from PDF documents and image-based receipts (SKILL.md).
  - Boundary markers: The instructions lack explicit boundary markers or warnings to the agent to ignore potentially malicious instructions embedded within the invoice text.
  - Capability inventory: The agent has capabilities to read files, write CSV summary files, and execute file system operations (move/copy/create directories) via bash.
  - Sanitization: There is no specified logic to sanitize or validate the content extracted from documents before it is used for filename generation or directory creation.