QuickBooks Automation
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external data, creating an attack surface for indirect prompt injection.\n
- Ingestion points: Financial transaction data, customer records, expense receipts, and bank statements are ingested into the agent context as described in SKILL.md.\n
- Boundary markers: The skill does not provide delimiters or specialized instructions to the agent to isolate external data from its core logic.\n
- Capability inventory: The agent has high-impact tools available (qb_invoice, qb_expense) that can modify accounting records based on processed data.\n
- Sanitization: No data validation or input escaping is specified for the processed external content.\n- [NO_CODE]: The skill is purely instructional and configuration-based, containing no executable scripts or binary files in its distribution.
Audit Metadata