venmo-reconciler
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted transaction data from user-supplied Venmo CSV exports, creating an attack surface for indirect prompt injection via transaction notes.
- Ingestion points: Venmo CSV file path provided by the user (as described in the 'Workflow' section of SKILL.md).
- Boundary markers: Absent. The workflow does not define specific delimiters or instructions to treat the 'Note' or 'Description' columns as non-executable data.
- Capability inventory: The skill uses 'transaction_search', 'categorize', 'anomaly_detect', and 'export_transactions' to process and store data within the Open Accountant system.
- Sanitization: Absent. The instructions do not specify any validation, filtering, or escaping of the user-entered text from the CSV file before it is processed by the agent's logic.
Audit Metadata