Skills
skills/tifandotme/dotfiles/actual-budget-api-expert/Gen Agent Trust Hub

actual-budget-api-expert

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [PROMPT_INJECTION] (HIGH): This skill is vulnerable to Indirect Prompt Injection (Category 8).
  • Ingestion points: Untrusted data enters via api.getTransactions(), api.getPayees(), and api.getAccounts() (SKILL.md).
  • Boundary markers: None identified; the documentation does not advise on delimiting transaction data from instructions.
  • Capability inventory: The skill provides extensive write capabilities, including api.deleteAccount(), api.closeAccount(), api.deleteTransaction(), and api.setBudgetAmount() (SKILL.md).
  • Sanitization: None identified. An attacker could embed instructions in a transaction memo that, when read by the agent, trigger unauthorized financial operations.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the installation of @actual-app/api via npm. This is an external dependency from a repository/organization not included in the trusted sources list.
  • [COMMAND_EXECUTION] (MEDIUM): The API facilitates programmatic modification of local filesystem data (dataDir) and remote server synchronization, which could be abused if the agent is manipulated.
  • [CREDENTIALS_UNSAFE] (LOW): The api.init documentation includes a password parameter, which may lead to the exposure or hardcoding of sensitive sync server credentials.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:33 PM