square-import
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill provides legitimate instructions for processing financial data from Square POS exports. No malicious logic, obfuscation, or unauthorized access attempts were detected.
- [NO_CODE]: This skill consists of markdown instructions and metadata only; it does not contain any executable scripts, binary files, or external dependencies.
- [PROMPT_INJECTION]: The skill involves processing user-provided CSV data which represents an indirect prompt injection surface. While the current instructions are benign, data ingested from external CSVs could potentially contain instructions aimed at the agent.
- Ingestion points: User-provided Square CSV file.
- Boundary markers: None specified in the instructions.
- Capability inventory: Uses transaction_search, categorize, and export_transactions tools.
- Sanitization: No explicit content validation or escaping described.
Audit Metadata