cost-metering
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes shell commands (cat, jq, echo, mkdir) to manage local budget files at ~/.claude/daily-cost.json and ~/.claude/cost-log.jsonl. These operations are limited to local data tracking and reporting.
- [DATA_EXFILTRATION] (SAFE): No network operations or external data transfers were detected. All tracking is stored locally.
- [PROMPT_INJECTION] (SAFE): No malicious instructions or override patterns were found in the prompts or documentation.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill does not download external scripts or dependencies; it relies on locally available tools like jq.
- [INDIRECT_PROMPT_INJECTION] (LOW): While the skill processes cost logs which could theoretically contain data from external sources, it only processes this data using structured jq queries for reporting, which presents a negligible risk of prompt injection.
Audit Metadata