monthly-invoice-summary
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE]: The skill is purely instructional and contains no code, shell scripts, or malicious behavior. It functions as a set of guidelines for the AI to transform technical data into business language.
- [NO_CODE]: There are no scripts, binaries, or configuration files provided with this skill; it relies entirely on the agent's pre-existing tools.
- [PROMPT_INJECTION]: The skill processes external data (Git commits and notes), which is a surface for indirect prompt injection (Category 8).
  1. Ingestion points: Git log output and user-provided time sheet notes.
  2. Boundary markers: Absent.
  3. Capability inventory: Instructions to execute the 'git log' command.
  4. Sanitization: Absent.

  The risk is assessed as safe/low because the skill's primary purpose is summarization and it does not use the data to perform sensitive actions.