paypal-import
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides legitimate instructions for processing financial CSV exports. It uses designated tools for transaction searching and categorization.
- [PROMPT_INJECTION]: Analysis of indirect prompt injection surface: Ingestion points: PayPal CSV file data (referenced in SKILL.md); Boundary markers: No explicit delimiters or ignore instructions are defined for the CSV content; Capability inventory: transaction_search, categorize, export_transactions; Sanitization: Not explicitly implemented in the skill instructions. As this ingestion is the primary purpose of the skill and no exploitable high-privilege commands are present, this surface is considered a standard operational risk.
Audit Metadata