tax-professional
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [NO_CODE] (SAFE): The provided files (README.md, references/common-writeoffs.md) are purely informational markdown documents. No SKILL.md or functional executable code was provided for analysis.
- [DATA_EXFILTRATION] (LOW): The skill is designed to ingest sensitive personal data from USER.md and log financial information to YYYY-expenses.json. This creates an attack surface for data exposure if the agent's context is compromised.
- [COMMAND_EXECUTION] (LOW): The documentation describes a feature to 'Configure tax calendar crons.' This implies an architectural intent to modify system scheduling (persistence), which is a capability that should be monitored for least-privilege enforcement.
- [EXTERNAL_DOWNLOADS] (LOW): The README suggests installation via 'clawdhub,' which is an untrusted third-party source not included in the trusted provider list.
Audit Metadata