budget-advisor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of markdown instructions and metadata. No scripts (Python, JavaScript, Shell), binaries, or configuration files are provided.
- [DATA_EXFILTRATION] (SAFE): Although the skill is designed to handle sensitive financial information like income and debt, it lacks any code or network tools (such as curl or fetch) to transmit this data to external destinations.
- [PROMPT_INJECTION] (LOW): The skill is theoretically susceptible to indirect prompt injection because it processes untrusted user data (e.g., descriptions of expenses or goals) without explicit boundary markers or sanitization instructions.
- Ingestion points: SKILL.md (Input Format section fields).
- Boundary markers: Absent; user inputs are not delimited from instructions.
- Capability inventory: None; the skill has no tools or executable scripts to exploit.
- Sanitization: Absent; no logic is present to filter or escape user-provided strings.