actualbudget-api

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's examples and init config show passing a plaintext password value (password: "your-password") and would lead an agent to request and embed user secrets verbatim into generated code/requests, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill can fetch user-generated budget and transaction data from external sync servers (init with serverURL and downloadBudget(syncId)) and via runBankSync(accountId), so the agent would ingest third‑party/untrusted content for processing.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a dedicated personal-finance API (Actual Budget) with explicit methods to modify budgets, accounts, and transactions — not a generic tool. It exposes functions that create and import transactions (addTransactions, importTransactions), perform transfers (creating transfer transactions, closeAccount with balance transfer), set budget amounts/holds (setBudgetAmount, holdBudgetForNextMonth), create/update accounts with balances (createAccount, getAccountBalance), and trigger bank sync (runBankSync). These are specific financial operations (including creating transactions/transfers and updating budget values), so it grants direct financial execution capability.