financial-tracker
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to use CLI commands from the openclaw platform to schedule recurring financial reporting tasks.\n- [DATA_EXFILTRATION]: The documentation includes a template for sending financial summaries to a Telegram chat ID, which is a functional feature for user-authorized remote notifications.\n- [PROMPT_INJECTION]: The skill processes data from user-managed logs to generate summaries, creating a potential surface for indirect prompt injection if the logs are used to store untrusted external data.\n
- Ingestion points: finance/income-log.md and finance/expense-log.md.\n
- Boundary markers: Absent.\n
- Capability inventory: File writing for business records and openclaw CLI execution.\n
- Sanitization: No explicit validation or filtering of log entries is performed.
Audit Metadata