smart-categorize
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious commands, obfuscation, or unauthorized file system operations were detected.
- [SAFE]: The skill uses designated tools (
transaction_search,categorize) to perform financial data processing within its intended scope. - [PROMPT_INJECTION]: The skill's primary function involves processing external transaction descriptions, which represents a surface for indirect prompt injection (Category 8).
- Ingestion points: Transaction descriptions are ingested via the
transaction_searchtool (SKILL.md). - Boundary markers: No specific delimiters or instructions to ignore embedded commands are used for transaction strings.
- Capability inventory: The skill uses tools to read and modify transaction records but lacks higher-privilege capabilities like shell access or network requests.
- Sanitization: Input is matched against patterns for categorization purposes; no specific sanitization is mentioned.
- [SAFE]: Because the processing of descriptions is essential to the skill's intended accounting purpose, this surface is considered low risk and does not escalate the security verdict.
Audit Metadata