tax-filing
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The workflow requires the agent to dynamically generate a Python script (output/fill_YEAR.py) incorporating logic from scripts/fill_forms.py and execute it at runtime to process the tax forms.
- [EXTERNAL_DOWNLOADS]: Fetches blank tax forms from official government repositories at irs.gov and ftb.ca.gov. These are well-known, trusted domains for the intended use case.
- [PROMPT_INJECTION]: The skill ingests untrusted third-party data from source documents (PDFs, CSVs) provided by the user. This creates a surface for indirect prompt injection if those documents contain malicious instructions intended to divert the agent's calculation logic or data handling.
  - Ingestion points: Document extraction using pdfplumber and the agent's Read tool for CSV files.
  - Boundary markers: No explicit delimiters or boundary markers are defined for the extracted data saved to work/tax_data.txt.
  - Capability inventory: Local file read/write, network downloads from trusted sources, and Python script execution via subprocesses.
  - Sanitization: No validation or sanitization is performed on the extracted document content before it is used in tax computations or form filling.
Audit Metadata