invoice-aging
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No critical security vulnerabilities, malicious patterns, or unauthorized data exfiltration attempts were detected. The skill's operations are consistent with its stated purpose of financial reporting.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted invoice data provided by the user. 1. Ingestion points: The skill requests a list of outstanding invoices or a description of invoicing patterns from the user in SKILL.md. 2. Boundary markers: The instructions do not specify any delimiters or safety prompts to prevent the agent from following instructions potentially embedded in the user-provided data. 3. Capability inventory: The skill has access to the transaction_search tool for querying financial records. 4. Sanitization: No explicit validation or sanitization steps are defined for the user-supplied invoice data.
Audit Metadata