quickbooks
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses curl to make HTTP requests and jq to process JSON responses for QuickBooks operations.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its handling of external data. 1. Ingestion points: Data enters the agent context through QuickBooks API responses fetched via curl in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Subprocess calls to curl and jq in SKILL.md. 4. Sanitization: Absent.
- [SAFE]: All network requests are directed to official QuickBooks domains (quickbooks.api.intuit.com), which is recognized as a well-known service. No hardcoded credentials or sensitive file access patterns were detected.
Audit Metadata