The Agent Skills Directory

[Data Exposure & Exfiltration] (HIGH): The skill's init function requires a plaintext password for synchronization with the Actual Budget server. This poses a significant risk of credential exposure if the agent logs the configuration or stores it insecurely. Additionally, the skill provides full access to sensitive financial information, including account balances and complete transaction histories.
[Indirect Prompt Injection] (HIGH): The skill presents a high-risk attack surface for indirect injection. Ingestion points: Untrusted data enters the context through importTransactions, addTransactions, and runBankSync. Boundary markers: Absent; there are no delimiters or specific instructions provided to the agent to treat transaction fields like 'notes' or 'payee_name' as untrusted. Capability inventory: The skill allows for high-impact financial modifications, including deleteAccount, closeAccount, setBudgetAmount, and deleteTransaction. Sanitization: Absent; the API documentation does not specify any sanitization or validation for ingested string data.
[Unverifiable Dependencies & Remote Code Execution] (LOW): The skill requires the installation of the @actual-app/api package from the npm registry. While this is a known library for the service, it remains an external dependency that should be verified for integrity to prevent supply chain attacks.

actualbudget-api