cost-tracker
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a CLI interface ('cost-tracker') for managing and viewing cost data. These commands interact with local data files and do not execute arbitrary or dangerous system commands.
- [DATA_EXPOSURE]: The skill reads and writes usage data to 'data/cost-usage.json' and pricing configurations to 'config/pricing.json'. This data is stored locally and used solely for cost calculation and reporting within the skill's context.
- [EXTERNAL_DOWNLOADS]: No external downloads or remote script executions were detected. All logic is contained within the provided local files.
- [PROMPT_INJECTION]: The skill does not contain instructions that attempt to override agent behavior or bypass safety guidelines. Its focus is strictly on quantitative cost tracking.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests usage data (model names, provider names, job IDs) to calculate costs. While this is an ingestion point for external data, the data is treated as strings for indexing and summation, and is not interpolated into LLM prompts in a way that would allow for command injection.
Audit Metadata