money
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the `money` CLI tool and `npm` build scripts within local workspace directories. It also supports dynamic loading of additional modules via the `MONEYCLI_PROVIDER_MODULES` environment variable, which allows the execution of code from arbitrary file paths.
- [DATA_EXFILTRATION]: The skill accesses sensitive financial information, including session cookies stored in `.cookies/moneyforward.com.cookie.json` and local cache files. While this is necessary for the skill's primary function of managing financial snapshots, the handling of these credentials represents a potential data exposure risk if the agent's context is compromised.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external financial providers.
  - Ingestion points: Output from the `money` command and provider data files mentioned in `SKILL.md`.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the prompt templates.
  - Capability inventory: The skill can execute subprocesses (`money`, `npm`) and access the file system (cookies, cache), which could be leveraged if malicious instructions are processed.
  - Sanitization: No explicit sanitization or validation of the ingested financial data is described.
- [EXTERNAL_DOWNLOADS]: The documentation suggests installing the `@yuiseki/moneycli` package from a public registry. This is a vendor-owned resource matching the skill author's identity.
Audit Metadata