Skills
skills/onewave-ai/claude-skills/saas-replacement-planner/Gen Agent Trust Hub

saas-replacement-planner

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its ingestion of untrusted data (Category 8).
  • Ingestion points: Processes SaaS lists, CSV files, screenshots, and bank/credit card statements as specified in SKILL.md.
  • Boundary markers: The instructions do not define delimiters or specific constraints to ignore instructions potentially embedded in transaction descriptions or CSV fields.
  • Capability inventory: The agent utilizes Bash, Write, Edit, WebSearch, and WebFetch tools, providing high-impact capabilities if behavioral overrides occur.
  • Sanitization: No procedures are provided to redact sensitive financial identifiers or escape malicious content from processed files.
  • [DATA_EXFILTRATION]: The skill explicitly requests access to highly sensitive financial records. While no direct exfiltration logic exists in the code, the combination of processing bank statements with the available WebFetch and WebSearch tools represents an exposure risk if the agent's context is compromised.
  • [COMMAND_EXECUTION]: The skill relies on the Bash tool to perform economic analysis and architectural design. This powerful capability increases the risk associated with potential injection attacks or instruction manipulation derived from untrusted input files.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 05:26 PM