Skills
skills/phrazzld/claude-config/finances-ingest/Gen Agent Trust Hub

finances-ingest

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts (scripts/ingest.py, scripts/sync_moneta.py, and scripts/backfill.py) using the uv package manager.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface because it ingests untrusted financial data that could contain embedded instructions.
  • Ingestion points: Processes external CSV files from ~/Documents/finances/source/ (BofA, Strike, River, Robinhood, and Copilot exports).
  • Boundary markers: There are no documented boundary markers or instructions to the model to ignore potential instructions embedded within the financial transaction descriptions or metadata.
  • Capability inventory: The skill uses uv run python to execute scripts that have file system access (read/write) within the ledger directory.
  • Sanitization: No sanitization, escaping, or validation of the CSV contents is mentioned in the skill description or command usage.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 02:26 PM