finance-manager
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted external data (bank statements in PDF/CSV format) to generate analysis and interactive HTML reports. A lack of sanitization in this pipeline creates a vulnerability surface.
- Ingestion points:
scripts/extract_pdf_data.py(reads PDF statements) andscripts/analyze_finances.py(reads CSV/JSON transaction data). - Boundary markers: Absent. The scripts do not implement delimiters or instructions to ignore malicious content within the processed data.
- Capability inventory: The skill performs local file system operations, including reading sensitive financial files and writing reports (
transactions.csv,analysis.json,report.html). - Sanitization: Absent. Review of the sample
report.htmlindicates that transaction descriptions are injected directly into JavaScript data structures, which could allow a malicious transaction entry to execute arbitrary script in the user's browser. - [EXTERNAL_DOWNLOADS] (SAFE): The skill requires the installation of
pdfplumberandpandasfrom PyPI and loadsChart.jsfromcdn.jsdelivr.netin the generated reports. These are well-known, trusted sources. - [Metadata Analysis] (SAFE): The skill metadata correctly describes its financial analysis purpose, and no obfuscation or deceptive instructions were found in the
SKILL.mdfile. - [Missing Component]: The script
scripts/generate_report.pyis referenced in the documentation and required for the workflow but was not provided in the skill files, preventing a full audit of its implementation details.
Audit Metadata