zakat-calculator

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill is designed to execute a local Python script (scripts/calculate_zakat.py) using user-provided financial assets as command-line arguments. This is the primary intended function for calculating obligations and does not involve privilege escalation or suspicious shell piping.
  • [REMOTE_CODE_EXECUTION] (SAFE): The skill refers to an external script dependency that is not present in the provided files. Although the content of this script cannot be audited, its documented usage for calculation and price fetching is consistent with the skill's legitimate purpose.
  • [PROMPT_INJECTION] (LOW): The skill presents an indirect prompt injection surface because it takes untrusted user inputs (financial values) and interpolates them into a shell command. However, this risk is inherent to the skill's primary purpose. Evidence Chain:
      1. Ingestion points: Asset and liability figures in SKILL.md Step 4.
      2. Boundary markers: None present.
      3. Capability inventory: Execution of python scripts/calculate_zakat.py.
      4. Sanitization: None explicitly documented.
  • [DATA_EXFILTRATION] (SAFE): Although the skill handles sensitive financial information, no unauthorized network communication or exfiltration patterns were identified. The fetch for 'live prices' is a standard feature for this utility category.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 09:55 AM