financial-document-parser
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | PROMPT_INJECTION | NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill's primary function is to ingest and process untrusted external data (financial documents), which introduces a vulnerability surface for indirect prompt injection.
  - Ingestion points: User-provided PDFs or images of invoices, receipts, and bank statements mentioned in the "When to Use This Skill" section.
  - Boundary markers: Absent. The instructions do not define specific delimiters or provide guidance to the agent to disregard instructions that might be embedded within the documents being parsed.
  - Capability inventory: No executable capabilities (scripts, shell commands, or network access) are defined within this skill file.
  - Sanitization: Absent. There are no instructions for the agent to sanitize extracted content or validate it before generating output.
- [No Code] (SAFE): This skill contains no executable scripts, binaries, or configuration files. It consists entirely of YAML metadata and Markdown instructions for the LLM.