treasury-administrator
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
- [Data Exposure & Exfiltration] (MEDIUM): The script
scripts/analyze_financials.pyaccesses the system path/srv/janusand utilizestrinity.config.load_configurationto retrieve sensitive keys. Although this is consistent with its role as a treasury administrator, the exposure of configuration data and access to fixed system paths are elevated risks. - [Dynamic Execution] (MEDIUM): In
scripts/analyze_financials.py, the code dynamically appends/srv/janusto the Python system path (sys.path.append). This allows for loading arbitrary modules from that directory, which could lead to unauthorized code execution if an attacker can write to that system path. - [Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because user-provided data is used to construct queries for external research tools.
- Ingestion points: The
--regionCLI argument inscripts/analyze_financials.pyaccepts arbitrary strings. - Boundary markers: No delimiters or instructions are used to separate the region input from the research prompt template.
- Capability inventory: The script performs network operations and oracle queries via the
OracleBridgeclass. - Sanitization: There is no evidence of sanitization or validation for the
regioninput before it is interpolated into the stringf"Economic profile for {region}"passed tobridge.research.
Audit Metadata