afrexai-personal-finance
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or suspicious command executions were detected in the skill files. All external links point to the author's own repositories or official documentation sites.
- [NO_CODE]: The skill consists entirely of Markdown instructions and YAML data structures. It does not include any scripts (Python, JavaScript, etc.) or binary executables.
- [DATA_EXPOSURE]: The skill is designed to manage highly sensitive financial data, including net worth, debts, and income. While there is no exfiltration logic present in the skill itself, the agent is instructed to store this data in a local finance/ directory. Users should ensure their agent's storage environment is secure.
- [INDIRECT_PROMPT_INJECTION]: A vulnerability surface exists because the skill instructs the agent to automate transaction categorization from bank or credit card records. Maliciously crafted transaction descriptions (e.g., a merchant name containing instructions) could potentially be interpreted as commands by the underlying LLM.
- Ingestion points: Bank/credit card transaction logs and financial statements.
- Boundary markers: Not present; the instructions do not include specific delimiters or 'ignore embedded instructions' warnings for transaction data.
- Capability inventory: The skill encourages the agent to perform file read/write operations for budgeting and net worth snapshots.
- Sanitization: No sanitization or validation logic is specified for external financial data.
Audit Metadata