actual-budget

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from external financial sources, creating a surface for indirect prompt injection.
      • Ingestion points: Data enters the agent context through api.getTransactions(), api.getPayees(), and runQuery(), which retrieve potentially attacker-influenced strings such as transaction notes or payee names from bank syncs or imports.
      • Boundary markers: The provided snippets contain no explicit delimiters and no instructions to ignore embedded commands.
      • Capability inventory: The skill has significant write capabilities, including api.createRule(), api.updateTransaction(), and api.runBankSync(), which could be manipulated if the agent follows instructions found within transaction data.
      • Sanitization: No sanitization or validation of external financial content is documented.
  • [COMMAND_EXECUTION]: The documentation suggests a configuration that weakens transport security.
      • Evidence: The documentation recommends setting the environment variable NODE_TLS_REJECT_UNAUTHORIZED to 0 for self-signed certificates. This disables TLS/SSL certificate validation, exposing the connection to man-in-the-middle (MitM) attacks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 8, 2026, 11:38 PM