home-office-deduction
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill utilizes internal tools like `transaction_search` and `spending_summary` to access sensitive financial data (mortgage, rent, utilities). This access is a functional requirement for tax calculation and no data is sent to external or unauthorized domains.
- [PROMPT_INJECTION]: The skill processes external data from transaction records, which constitutes a surface for indirect prompt injection.
- Ingestion points: Transaction descriptions retrieved from financial logs.
- Boundary markers: No explicit delimiters are used to wrap or isolate untrusted transaction text.
- Capability inventory: The agent is limited to searching, summarizing, and exporting data; it lacks high-risk capabilities like arbitrary command execution or external network requests.
- Sanitization: There is no evidence of validation or sanitization of the transaction content before it is processed.
Audit Metadata