contractor-tracking
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill uses standard financial tools to aggregate transaction data for tax tracking purposes.
- [PROMPT_INJECTION]: The skill ingests untrusted data from transaction records via the transaction_search tool (Indirect Prompt Injection surface). While it does not implement specific boundary markers or sanitization for this external content, the risk is mitigated by the limited capabilities of the available tools (transaction_search, export_transactions), which do not permit arbitrary command or code execution.
  - Ingestion points: Results from transaction_search (SKILL.md)
  - Boundary markers: Absent
  - Capability inventory: transaction_search, export_transactions (SKILL.md)
  - Sanitization: Absent
Audit Metadata