moneta-ingest
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local TypeScript scripts using `pnpm` (e.g., `pnpm parse:bofa`, `pnpm parse:all`) based on the detected type of financial documents.
  - The execution is limited to a predefined set of scripts referenced within the skill repository (`scripts/parse-*.ts`).
- [INDIRECT_PROMPT_INJECTION]: The skill scans untrusted external files in the `source/` directory and sniffs content headers to identify document types, which presents an attack surface for indirect prompt injection.
  - Ingestion points: Files located in the `source/` directory.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded instructions are used during the sniffing process.
  - Capability inventory: The skill possesses the capability to execute local subprocesses via `pnpm` and read/write to local JSON files (`normalized/transactions.json`, etc.).
  - Sanitization: While the skill validates output data (totals, date ranges), it does not explicitly mention sanitizing or escaping the file headers before processing them through the agent's sniffing logic.
Audit Metadata