Beancount Accounting

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, NO_CODE
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill instructs the agent to read and modify .beancount files, which often contain data from external financial institutions or shared sources.
      1. Ingestion points: Ledger files, include files, and external documents referenced via the document directive.
      2. Boundary markers: Absent; the skill does not provide instructions to distinguish financial data from embedded natural language instructions.
      3. Capability inventory: The agent is directed to use CLI tools like bean-query and bean-check which interpret these files.
      4. Sanitization: Absent; no validation or escaping of external content is recommended.
  • [Dynamic Execution] (LOW): The skill documents the beancount plugin and query directives. The plugin system allows for the execution of arbitrary Python modules during parsing, which could be exploited if the agent is induced to process a malicious ledger file.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:47 PM