copilot-money
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
copilot-money-clipackage from the official Python package registry (PyPI) to provide its core functionality.\n- [COMMAND_EXECUTION]: Utilizes a dedicated CLI tool (copilot-money) to query financial records, list accounts, and refresh bank connections.\n- [DATA_EXFILTRATION]: Accesses personal finance data including transaction history and account balances. It retrieves authentication tokens from supported browser storage (Chrome, Firefox, Safari, Arc) and stores configuration files locally at~/.config/copilot-money/config.jsonto facilitate API access.\n- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by processing external data retrieved from the Copilot Money API.\n - Ingestion points: Financial transaction descriptions, account names, and holdings data retrieved via API calls (SKILL.md).\n
- Boundary markers: No specific delimiters or instructions to ignore embedded content are documented for the processed data.\n
- Capability inventory: The skill can execute various CLI commands and display detailed financial information which could be influenced by injected content.\n
- Sanitization: No sanitization or validation of the retrieved financial data is described prior to processing by the agent.
Audit Metadata