finances-report
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: Accesses highly sensitive personal financial information located at ~/Documents/finances/, including net worth history, bank transaction logs from Copilot, and liability details with interest rates.
- [COMMAND_EXECUTION]: Executes a local Python script (scripts/report.py) using the uv package manager, which allows the agent to run arbitrary code and manage environments within the user's file system.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection due to the ingestion of over 10,000 transactions from external sources (via copilot.jsonl); the analysis lacks evidence of boundary markers or sanitization to prevent malicious instructions embedded in transaction descriptions from influencing the agent's behavior or subsequent reports.
Audit Metadata