tax-professional
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute `clawdbot cron add` commands to schedule recurring tax-related reminders. While intended for user notifications, this utilizes the agent's command-line interface for persistence and recurring task execution.
- [DATA_EXFILTRATION]: The skill reads sensitive user information including employment status, location, and filing history from `USER.md`, alongside financial data from integration files like `data/mechanic/state.json` and `data/card-optimizer/cards.json`. This constitutes access to sensitive data within the agent's workspace.
- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection (Category 8).
  - Ingestion points: Data is ingested from `USER.md`, `data/mechanic/state.json`, and `data/card-optimizer/cards.json`.
  - Boundary markers: No delimiters or safety instructions are provided in the skill to separate the ingested data from the agent's operational instructions.
  - Capability inventory: The skill is capable of writing JSON files to the workspace and executing CLI commands via the `clawdbot` utility.
  - Sanitization: There is no evidence of input validation or content filtering to prevent malicious data from these files from influencing the agent's execution flow or command arguments.
Audit Metadata