year-end-summary
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes financial transaction data, which may contain untrusted strings from external sources.
  - Ingestion points: Transaction descriptions and vendor names are retrieved from the financial database via tools like transaction_search and spending_summary (found in SKILL.md).
  - Boundary markers: The workflow lacks explicit instructions or delimiters to isolate untrusted transaction data from the agent's internal instructions.
  - Capability inventory: The agent can write the processed data to the filesystem as Markdown or CSV via the export_transactions tool.
  - Sanitization: There is no evidence of sanitization or validation logic to filter potentially malicious instruction strings embedded in transaction content.
Audit Metadata