Skills
NYC
skills/smithery/ai/personal-finance-coach/Gen Agent Trust Hub

personal-finance-coach

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill installs numpy, scipy, and pandas via pip. These are well-established, trusted libraries from the Python Package Index (PyPI) used for numerical calculations and data analysis.
  • [COMMAND_EXECUTION] (LOW): The skill is authorized to use the Bash tool. While no specific malicious commands are present in the skill's code, shell access is a high-privilege capability that could be targeted for exploitation.
  • [PROMPT_INJECTION] (LOW): (Indirect Prompt Injection Surface)
  • Ingestion points: The skill ingests untrusted data from the internet via the mcp__firecrawl__firecrawl_search and WebFetch tools.
  • Boundary markers: Absent. There are no specified delimiters or instructions to treat web-fetched content as untrusted data.
  • Capability inventory: The skill possesses powerful tools including Bash, Write, and Edit, which could be abused if the agent executes instructions hidden within retrieved web content.
  • Sanitization: No sanitization or validation mechanisms are mentioned for the external data processed by the skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:48 PM